Consultant - GDPR Advisor - Remote (The Hague)

Ethics & Compliance Anywhere, United States


Description

Background:

Mercy Corps Netherlands (MCNL) was established in December 2017 as an independent legal entity with its own constitution operating as a part of the global organisation, Mercy Corps. Mercy Corps consists of: Mercy Corps Global (MCG), a US entity registered in Washington State and its field operations, including branches and local organisations (located in approximately 40 countries); Mercy Corps Europe (MCE), a UK entity with offices in Edinburgh and London, and Mercy Corps Netherlands (MCNL) with offices in The Hague and Geneva.

MCNL shares the global organisation’s mission, vision, core values, and charitable objectives, as well as operational resources for the implementation of program activities. MCNL operates under the common policy framework, shared with MCE and MCG with exceptions and additional policies and procedures developed to ensure full compliance with the legal framework in the Netherlands and the EU.

 

Purpose / Project Description:

The General Data Protection Regulation (GDPR) is a legal framework introduced by the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The GDPR came into force in the Netherlands on 25 May 2018. MCE has led the development of policies and procedures to ensure compliance with the GDPR requirements. With the UK’s departure from the European Union, MCNL needs to review the GDPR policy framework to ensure it is compliant with the requirements in the Netherlands and address any new/additional requirements resulting from Brexit.

 

Consultant Objectives:

The consultant will review the existing policies and procedures to ensure they are compliant with the Dutch law and advise on the development of additional procedures as may be required. Special attention will be given to the interagency operational setup and data sharing with MCE and MCG.

 

Consultant Activities:

The Consultant will:

  • Review the existing policies and procedures developed for Europe. List of policies provided in Annex A.
  • Advise on best practices for GDPR compliance in the Netherlands, taking into account the size of the organisation, nature of our work and interagency operational arrangements.
  • Work with the Mercy Corps Europe compliance and operations team and the MCNL Director to adjust existing policies and procedures and draft any new/additional policies as required.
  • Train MCNL staff on specific GDPR requirements in the Netherlands.

 

Consultant Deliverables:

  • Review of Mercy Corps data protection policy framework.
  • Revision of policies and procedures to ensure compliance with the Dutch law.
  • Development of additional procedures, as required.
  • Presentation of changes/additional to MCNL management and staff.

 

Timeframe / Schedule: 

1 February to 5 March 2020. Up to 15 days.

 

1

Desk review of existing policies

-        Initial advice and recommendations on legal requirements and best practices – written report

1 February – 15 February

2

Revision of policies and procedures and drafting of new policies

-        Revised policies

-        New policies, if applicable

15 – 28 February

 

2

Presentation of changes/overview of new policies for MCNL team.

1 – 5 March

 

The Consultant will report to:

MCNL Director

 

The Consultant will work closely with:

Interim Director of Compliance, Risk and Governance, Operations Manager Mercy Corps Europe, Responsible Data Programme Manager