Data Protection Officer

Key information

  • Location: EMBL Heidelberg
  • Staff category: Staff Member - Administrative and support
  • Contract duration: 3 years (renewable)
  • Grading: 6, 7 or 8; depending on qualifications and experience
  • Closing date: 3 October 2020
  • Reference number: HD01828

Continue reading for more information about this position, or apply now.

About this position

We are Europe’s flagship research laboratory for the life sciences – an intergovernmental organisation performing scientific research in disciplines including molecular biology, physics, chemistry and computer science. We are an international, innovative and interdisciplinary laboratory with more than 1700 employees from many nations, operating across six sites, in Heidelberg (HQ), Barcelona, Hinxton near Cambridge, Hamburg, Grenoble and Rome. EMBL offers and maintains a vibrant, cooperative, team-oriented and open working atmosphere.

Your role

EMBL is seeking a Data Protection Officer (DPO), i.e. an expert with knowledge and experience of personal data protection regulations, policies and practices. The DPO will provide information and advice to EMBL’s management and officials in charge of personal data processing; develop and take measures to ensure compliance with EMBL’s rules; develop and implement training programmes to promote awareness of personal data protection; and act as the primary point of contact on personal data protection across the Organisation.

As an intergovernmental institution, EMBL has self-regulated data protection, while remaining aligned with GDPR ( The EMBL framework sets out the role and responsibilities of the Data Protection Officer. In addition to these core tasks, the following is expected of the postholder:

  • Development of a Data Protection Implementation Plan and overarching Data Protection Strategy
  • Implementing and managing required measures under the above
  • Provide information and advice on applicable rules and best practices to EMBL officials in charge of personal data processing, so that all processing operations are aligned with the applicable rules; in particular, develop internal documentation to complement and implement the applicable rules
  • Take measures to ensure compliance with applicable rules and, on his/her own initiative or on request, verify that any personal data processing complies with the applicable rules
  • Development and implementation of: i) a communication strategy to promote awareness of applicable rules on the part of officials processing such data and, more generally, of all EMBL staff; and ii) a personal data protection training programme for officials in charge of processing such data, in order to familiarise them with applicable rules and practices as well as their obligations and responsibilities in this respect
  • Serving as the primary point of contact for data protection-related queries in science and administration
  • Proactive, practical and actionable ongoing counsel to data controllers and processors across all EMBL sites
  • Working constructively and collaboratively with key internal stakeholders in the review of projects and related data to ensure compliance with applicable legal frameworks
  • Representing EMBL on all matters data protection in key scientific projects
  • Developing standards, guidelines, templates and tools to facilitate data protection compliance
While the role is functionally independent and as such answerable to the Director General, the postholder is organisationally integrated, although not formally part of, Legal Services. The Data Protection Officer will be bound by secrecy and shall neither seek nor accept instructions from anyone.

You have

Academic Background

  • Advanced university degree in law/international law, information technology law/data protection law, audit, compliance, or another directly relevant field, or relevant training and experience in the field of personal data protection.
Professional Background
  • Extensive experience (5 years or more) in legal compliance, audit or data protection, and at least 2 years directly on data protection
  • Strong knowledge of personal data protection policy, legislation and practices
  • Demonstrated understanding of personal data processing activities, and an ability to interpret relevant personal data protection rules
  • Fluency in English
  • Knowledge of German or French
Core Competencies For this role, the following competencies would be particularly important:
  • Analytical thinking, drafting skills, managing resources, Teamwork and Team leadership, Influencing, Strategic networking, Strategic thinking
  • Expert knowledge of data protection laws and practices in relevant fields (scientific research, life sciences, international organisations)
  • Proven communication and interpersonal skills, capacity for listening and understanding
  • Ability to handle highly sensitive information, maintain confidentiality and inspire trust
  • Ability to perform duties in a fully neutral and unbiased manner
  • Demonstrated problem solving and negotiation skills

You might also have


  • Good technical knowledge of IT infrastructures would be an advantage

Why join us

EMBL is an inclusive, equal opportunity employer offering attractive conditions and benefits appropriate to an international research organisation with a very collegial and family friendly working environment.

  • Competitive salary exempt from national taxes
  • Comprehensive pension scheme, medical, educational and other social benefits, as well as financial support for relocation and installation, including your family
  • Excellent child care facility on campus
  • Certified training and continued development of your professional and personal skills
  • Flexible and friendly working environment

What else you need to know

Please note that appointments on fixed term contracts can be renewed, depending on circumstances at the time of the review.