Cyber Security, data protection
Permanent employment
Doctorate/PhD (EQF 8), Master (EQF 7)
Apply before:
Hours p/wk:


The Position

As Data Protection and Governance Officer for the EU, you are part of NCC Group’s Data Privacy team. Our team supports the entire organization with all kinds of data privacy issues. In your role as DPO (EU), although based at Fox-IT’s office in Delft, you will be the key contact for all EU colleagues. You will be responsible for actively propagating, monitoring and further implementing the privacy policy within the EU, assisting with contractual privacy issues and you will play an important role in improving day-to-day processes. You will also advise the various business unit managers on the privacy issues they encounter in practice and pro-actively come up with solutions. You’ll report into the Chief Data Protection and Governance Officer, with whom you will work closely.


Our ideal candidate for this position obviously has extensive knowledge of the legal framework related to the privacy domain and can successfully complete projects in an independent and structured manner. In view of the sensitive information you might handle and given the nature of our company, your work will be accurate and you will be extremely discreet. The business NCC Group operates in makes this position extremely interesting and challenging for you.



Key elements of the role will include:

  • Assessment of EU and Dutch Data Protection (DP) & Privacy laws, including creation and maintenance of a comparison against the GDPR, to identify local divergences and hence facilitate agreement of the global approach to key topics (i.e. incident management, data subjects’ rights, contractual obligations and transfer requirements / mechanisms).
  • Ensuring global policies, standards, guidance and associated documentation reflect European and Dutch DP & Privacy legislative requirements.
  • Act as lead for all DP & Privacy advice and guidance provided to the European businesses, to include appropriate queries from Legal in relation to client contracts / queries, suppliers and other data-sharing relationships such as vendors and partnerships.
  • Creation of European DP & Privacy training materials, including high risk role training as appropriate.
  • Conduct and maintain gap analyses for each European business including ensuring controls are agreed with senior management and progress is monitored on a regular basis.
  • Provide support to the Chief Data Protection and Governance Officer in relation to European data incidents, complaints, rights requests as well as forthcoming European legislative requirements and emerging information risks.
  • Provide support and direction to the European Data Protection Champions & the European Leadership Team.
  • Manage NCC Group’s approach to data incident and breach response for all suspected incidents or breaches within Europe, including collaboration with all key stakeholders (e.g. CISO, HR, IT and Legal as required).
  • Provide management information (including data breach investigations, data subject rights requests, DPIAs and emerging risks) to the Chief Data Protection and Governance Officer and European leadership to inform strategy and ensure transparency.
  • Feed in to the global data protection strategy, including escalation of European-specific conflicts in regulation to the Chief Data Protection and Governance Officer, to ensure a ‘one firm, one way’ approach.
  • Support the Chief Data Protection & Governance Officer in the creation of a data governance framework to ensure policies, standards, guidance, training, data dictionaries, inventories and governance forums are in place.
  • Supporting the development of a global risk management programme to ensure information risks and opportunities are identified, assessed and managed for NCC Group, including ensuring any EU-specific requirements are reflected in the programme.
  • Improve NCC Group’s maturity towards a data ownership model including data stewards and data custodians.
  • Enable the EU business to make strategic decisions about data based on the data governance framework.


Our ideal candidate...

  • Has a completed MSc. degree and extensive multi-year experience within the business community on the cutting edge of privacy
  • Demonstrates knowledge of the GDPR (CIPP / E is a plus)
  • Is able to give practical, useful advice that takes into account the business of NCC Group
  • Can assess processor agreements independently
  • Is able to listen, reflect and take initiative
  • Manages both the Dutch and English language excellently
  • Is available for at least 32-40 hours per week