Data Protection Commission

In Brief This is a unique and exciting opportunity to join the Data Protection Commission's (the "DPC") team.

The Senior Regulatory Lawyer will have a key role in what is one of Europe's most prominent and active data protection regulators, with opportunities to contribute to the DPC's extensive work at national level, as well as the high-profile and unique role it holds in the supervision of large international organisations based in Ireland.

This senior role involves advising on or litigating/conducting regulatory investigatory or enforcement activities, including the scoping, conduct and completion of such investigatory activities and, critically, the drafting of investigatory outcome reports.

As a result, the Senior Regulatory Lawyer will be involved in a diverse array of substantive data protection issues as well as novel legal and regulatory matters.

The DPC welcomes applications from candidates at various stages of their career and with all ranges of experience who meet the minimum requirements.

Working at the DPC The DPC puts its employees first.

As a body that has been recognised by the Irish government and the European Commission as one of key strategic importance, our aim is to attract and retain staff of the highest calibre in today's competitive labour market.

The DPC maintains a forward-looking and innovative workplace that respects the principles of equality and diversity and is committed both to the ongoing development of the people who work there, its own internal values and significant legal obligations to preserve and constantly improve this environment.

As well as a rewarding and challenging career, some of the benefits the DPC offers its Senior Regulatory Lawyers are: Competitive salary starting at €79,086, with annual increments subject to satisfactory performance bringing the salary to €92,579 after five years, with access to two further long service increments thereafter Public Sector pension 30 days of annual leave per year Access to a range of work-life balance and family-friendly workplace initiatives and policies A blended working model Learning and development opportunities, including access to a refund of course fees scheme, paid study leave and paid examination leave for relevant courses of study High quality modern business premises purpose-designed and fitted out with the business needs of the DPC and its staff at its core Cycle to work scheme Tax saver public transport pass Regular opportunities for promotion through internal and confined civil service inter-departmental competitions Pending completion of required service, opportunities for career breaks The DPC currently has several vacancies for the role of Senior Regulatory Lawyer and while prior experience of data protection law is desirable, it is not essential.

The DPC welcomes applications from high-calibre candidates who have demonstrable experience relevant to the role.

It is intended to create a panel of Senior Regulatory Lawyers from this competition.

This panel will expire 18 months after date of formation unless exhausted sooner.

Successful candidates may be based in the DPC's offices in Dublin City Centre or in Portarlington Co.

Laois, depending on business needs.

Background The Data Protection Act 2018, which became law on 25 May 2018, established the Data Protection Commission (DPC).

The DPC is the national independent supervisory authority, responsible for monitoring the application of the EU General Data Protection Regulation (GDPR) and upholding the EU fundamental right of the individual to have their personal data protected.

The DPC has played a pioneering role in enforcing the GDPR across Europe as the lead supervisory authority for a large number of technology and internet platform companies with EU headquarters in Ireland.

The core functions of the DPC, under GDPR and the Data Protection Act 2018, which gives further effect to the GDPR in Ireland, include: driving improved compliance with data protection legislation by data controllers and processors, handling complaints from individuals in relation to the potential infringement of their data protection rights, conducting inquiries and investigations regarding potential infringements of data protection legislation, promoting awareness amongst organisations and the public of the risks, rules, safeguards and rights in relation to processing of personal data, and co-operating with other data protection authorities in other EU Member States on issues such as complaints and alleged infringements involving cross border processing under the GDPR's cooperation and consistency framework.

The DPC also acts as a supervisory authority under a number of other legal frameworks, such as the Law Enforcement Directive (LED), e Privacy, some sectoral legislation, and data protection issues which occurred prior to 25 May 2018, where the applicable legal regime is the Data Protection Acts 1988 and 2003.

The DPC regulates the public and private sectors.

The DPC has recently been identified as one of a number of fundamental rights agencies under the EU AI Act.

A decision by the Government on the designation of competent authorities for the purposes of the Act has yet to be made.

In addition the DPC engages and cooperates with other digital regulators both in Ireland and at European Commission level under EU digital acts which include the Digital Markets Act and the Digital Services Act.

Context for the DPC's work In May 2018, the GDPR came into application across Europe, replacing the previous 1995 EU Data Protection Directive with a modernised code more reflective of the evolving technological climate.

The GDPR has direct effect, vastly increasing obligations on organisations and providing for additional and stronger enumerated rights for individuals.

Along with the LED and the e-Privacy Regulation, the DPC has significant responsibilities for overseeing a range of matters specifically relating to privacy and data protection including deep peer cooperation between European data protection authorities under Chapter VII of the GDPR.

In particular, the DPC's role under the GDPR has become a central one in Europe as a lead supervisory authority for the regulation of many multinational companies which have located their European headquarters in Ireland.

The DPC also has a role in regulating artificial intelligence applications as they pertain to personal data processing.

As referenced above, the Government has yet to decide on the designation of competent authorities under the AI Act.

The GDPR remains a cornerstone of recent digital regulation developments in the EU and the DPC, as a GDPR lead authority, thus operates in a complex regulatory environment with other national and international regulators including the European Commission.

Following the GPDR's coming into application on 25 May 2018, the DPC's role, work and powers have expanded significantly and rapidly, to include: Expanded powers The DPC has the power to impose administrative fines of up to €20 million or 4% of the worldwide turnover of the regulated entity (whichever is higher), to ban the processing of personal data, to order its deletion, and to order entities to bring processing into compliance.

Examples of the DPC's use of such powers to date are readily available in national and international media.

Increasing prominence The DPC has an increasingly prominent role as the lead supervisory authority for the regulation of numerous global technology and social media companies, which have their European headquarters in Ireland.

Novel legal issues Much of the DPC's work involves the consideration of abstract and principles-based regulation which has often not yet been considered in detail by courts or other regulators.

This gives the DPC a ground-breaking and agenda-setting role.

Key issues of today's world By its nature, the DPC's work involves consideration of some of the key issues facing today's world.

This can span from the extent of the presence of CCTV, to matters of personal privacy, to the use of personal data by social media and other technology companies, to the transfer of personal data outside of the EU to jurisdictions with differing legal regimes from our own, to name but a few.

This is an exciting opportunity to join the DPC team.

The Senior Regulatory Lawyer will be involved in unique and challenging legal and regulatory work in a fast moving and high profile environment, dealing with novel and ground breaking legal issues.

Prior experience of data protection law is desirable but not essential and the DPC would welcome applications from high calibre candidates who have demonstrable relevant expertise and experience.

The Role The post of Senior Regulatory Lawyer is a civil service senior managerial grade (Assistant Principal Officer) within the DPC, reporting directly to a Deputy Commissioner.

The principal functions of the Senior Regulatory Lawyer will be to advise on or conduct and lead investigatory activities, such as complaint handling activities, statutory inquiries and investigations into complaints and alleged infringements of data protection law.

The Senior Regulatory Lawyer will bring their relevant professional experience to bear in all aspects of advisory or investigatory activities which they are responsible for, including the scoping, conduct and completion of investigatory activities and, critically, the drafting of relevant advices and/or investigatory outcome reports.

The following are also indicative (but not exhaustive) of the responsibilities and duties which the Senior Regulatory Lawyer will be expected to perform.

Specific responsibilities will depend on the area of the DPC to which they are assigned: Carrying out, leading or coordinating complaint-handling, statutory inquiries and investigations including ensuring that investigatory activities are: appropriately scoped and individual case plans are in place; are conducted expeditiously with full regard to the procedural rights of all parties involved in the process; and that the subject matter of the investigation is conducted comprehensively with regard to all relevant issues, utilising appropriate fact-finding and information-gathering powers; Undertaking expert legal analysis, including risk assessment where appropriate, in relation to the investigatory activities undertaken/ led by the Senior Regulatory Lawyer, with regard to the application of both fair procedures and natural and constitutional justice, and data protection principles; Authoring or leading teams in authoring investigatory outcome and other reports, ensuring that all such reports: are of the highest written standards, with regard to structure, expression and content; comprehensively reflect the principal issues which are the subject matter of the relevant investigatory activity; accurately describe the conduct of the investigatory activities and the findings of fact; and demonstrate robust, sustainable legal analysis and reasonable and rational conclusions in relation to the central question as to whether there are/ have been infringements of the relevant data protection laws; Managing a team of staff to include investigators, technical experts and administrative staff and overseeing all activities carried out by team members, as well as managing case-loads to ensure appropriate prioritisation of systemic/high risk issues, and driving on multiple simultaneous complaint-handling and investigatory activities across different cases; Analysing the relevant legal requirements (including procedural and statutory requirements) in respect of all complaint-handling and investigatory activities undertaken and ensuring that adherence to these obligations is embedded into all such activities in order to safeguard the fairness and integrity of the investigatory activities and outputs; Developing, implementing and monitoring best practice procedures for ensuring adherence to the application of fair procedures and natural and constitutional justice in the conduct of all complaint- handling and investigatory activities and outputs; Undertaking regular analysis of outcomes of complaint-handling and investigatory activities with a view to, amongst other things, identifying central legal issues requiring adoption of organisation- wide positions, identifying patterns/trends of non-compliance, and preparing and outputting statistical results relating to the progress of ongoing complaint-handling and investigatory activities; Providing legal advice, support and expert analysis across the operational and functional areas of the DPC in relation to the application of data protection principles in particular contexts and in relation to the conduct of legal actions initiated by (or against) the DPC, to include enforcement actions, court applications, prosecutions and statutory appeals; Conducting and overseeing the conduct of comprehensive legal research and identifying changes and legal trends that may impact on the DPC's role or that may require adjustments to the operations and strategies pursued by the DPC, and contributing to the development of appropriate response strategies; Providing legal advice, support and expert analysis in relation to the particular requirements (and likely impact) of new legislation (at both national and EU levels), to include, but not limited to, data protection legislation; Participating and collaborating with other senior investigatory staff including on cross-departmental investigatory activities/issues and linked to this, supporting and assisting the relevant Deputy Commissioner in a constructive and collaborative fashion, to advance the strategic development and operational functioning of the areas falling under the Deputy Commissioner's remit; Working collaboratively with other EU data protection authorities ensuring that the DPC adheres to its legal obligations in relation to EU legal requirements applicable to the co-operation and consistency mechanisms under Chapter VII GDPR, where investigatory activities are concerned with cross-border processing; and Keeping up to date with relevant legal developments which may impact on the conduct of the DPC's investigatory activities and identifying changes and legal trends that may necessitate adjustments to the operations and strategies of the DPC, and contributing to the development of appropriate response strategies.

In addition, the Senior Regulatory Lawyer will be expected to- Work in a constructive and collaborative fashion with colleagues across the organisation and make a significant contribution towards the development of the DPC's policy and strategy; Manage relevant staff to achieve key organisational goals; Demonstrate a strong commitment to promoting quality improvement and a learning culture in the DPC through the review, development and implementation of high quality business processes, as well as the development of expertise and skills of team members and across the organisation as a whole; Represent the DPC at international, EU and domestic conferences and meetings, undertake speaking events at conferences, deliver internal DPC educational and training events; Host and meet stakeholders as may be required from time to time; Build strong, collaborative relationships with other members of staff of the DPC, staff of other data protection authorities and at EU level; and Deliver such other priorities, responsibilities and tasks as may be assigned from time to time.

Note The title "Senior Regulatory Lawyer" is used to describe the position advertised in this competition.

However the DPC may, at its discretion, assign another title to a candidate appointed under this competition for the purposes of more accurately denoting the functional/operational area of the DPC to which the candidate has been assigned.

ENTRY REQUIREMENTS Essential Candidates must: (a) On or before 2 April 2025, be admitted and enrolled as a Solicitor or Barrister in the State; or (b) Anticipate that they will be entitled to be enrolled as a Solicitor or Barrister in the State, by 2 April 2025, at the latest.

Please note : Appointments will be made subject to verification that candidates were admitted and enrolled by the above dates.

Have demonstrable sophisticated legal analytical and legal drafting/writing skills with experience of report writing (or advising on the production/drafting of reports); Have a track record in conducting expert legal analysis and developing practical strategies and solutions based on such analysis in a fast paced environment, managing multiple projects under pressure and to tight deadlines; Have demonstrated ability to lead or manage teams in delivering results; Have extensive knowledge of regulatory/administrative law i.e.

the application of natural and constitutional justice and fair procedures.

Have the ability to quickly identify key legal or strategic risk issues that arise in connection with the discharge of the DPC's functions; Have excellent organisational and time management skills and the ability to learn quickly; Have demonstrated ability to provide accurate interpretation and practical application of principles- based legislation, common law, EU and European Court of Human Rights case law to real-life scenarios; Have overall excellent presentation and communication skills; Have the ability to demonstrate a high level of discretion and the corresponding ability to handle sensitive information; Have strong interpersonal skills and demonstrated experience of leading whether in-house or in practice; Have the ability to demonstrate a high level of integrity regarding colleagues and the services provided; Be self-motivated and self-reliant in managing tasks and keen to take the initiative in developing and progressing projects.

In addition to the above, candidates must also demonstrate the key competencies for effective performance at this level which are detailed overleaf Desirable Experience of regulatory investigations and/or equivalent enforcement activity.

This experience may have been gained from advising on or litigating such issues, or from direct involvement - as part of an in-house legal/regulatory/investigatory/enforcement function - in leading or conducting such activities.

Experience of litigating in a regulatory law context; Experience of advising on privacy and data protection matters in private or public sector arenas; Good understanding of technology and its impact on data protection and privacy; Good knowledge and understanding of the EU and national policy agendas in the area of data protection; Experience of public speaking in a professional capacity.

How to Apply By clicking Apply you will will see instructions on how to submit your complete application as below.

Please take care when completing your application, ensuring you include all relevant details.

Your application will form part of the assessment process where shortlisting is applied and also where candidates are called for interview.

The Application Form allows applicants to detail their qualifications, skills and experience and how they meet the essential requirements and personal attributes of the post.

There is no requirement to provide any additional material such as a CV, etc.

Closing date The closing date for receipt of applications is strictly 12pm (noon) on Tuesday 8 April 2025.

All applications will be acknowledged.

Late applications will not be considered.

To be considered for this role you will be redirected to and must complete the application process on our careers page.

To start the process, click the Apply button below to Login/Register.

---