Jobs in PID

ESID is hiring a DPO

Home/ News & Events/ Jobs in PID/ ESID is hiring a DPO

ESID is seeking a Data Protection Officer (DPO) with professional experience and knowledge of data protection law and management services on a freelance consultancy basis, including in the context of the General Data Protection Regulation (GDPR).

Time and effort: 50% (20 hours a week) for the first 3 months followed by approx. 8 hours a week afterwards
Flexible, remote work: must be based in The Netherlands
Tentative start date: As soon as possible*

About us
The European Society for Immunodeficiencies (ESID) is a not-for-profit association that was established in 1994. ESID has been striving to improve knowledge in the field of Primary Immunodeficiency (PID) by encouraging research, developing educational programs and fostering cooperation among all those involved in the diagnosis, treatment and management of these diseases.

Background – the ESID Registry
ESID has developed and maintains a Registry. The aims of the ESID Registry are threefold: to build a common data pool; estimate the disease burden of PID in Europe; and provide an online database for clinical and research data on patients with PID. This database is a platform for epidemiological analyses, which can also serve as a tool relevant for the development of new diagnostic and therapeutic strategies or the identification of novel disease-associated genes. The Registry incorporates a number of European national databases including those of the UK, France, The Netherlands, Spain, Italy and Germany

Job requirements
ESID is registered in The Netherlands (Delft) and is seeking a Data Protection Officer (DPO) with professional experience and knowledge of data protection law and management services on a freelance consultancy basis, including in the context of the General Data Protection Regulation (GDPR). The DPO will help us improve the management of sensitive health and personal information and data associated with the ESID Registry, carry out regular internal data security audits, and act as the main point of contact between ESID and the Dutch and EU data protection authorities and other key stakeholders among other activities.

Objectives of this role:
The DOP must:

  • Ensure that ESID’s policies are in accordance with the GDPR and codes of practice
  • Help ESID demonstrate compliance and be part of the enhanced focus on accountability
  • Inform and advise the controller, its employees, and any associated processors about their obligations to comply with the GDPR and other relevant data protection laws such as Part 3 of the Act
  • Monitor compliance with data protection laws, including managing internal data protection activities
  • Advise on data protection impact assessments, train staff and conduct internal audits
  • Inform and advise the ESID leadership on all matters related to data protection
  • Provide expert advice on Dutch and EU data compliance requirements
  • Promote a culture of data protection and compliance throughout ESID

Daily and monthly responsibilities:

  • Evaluate the ESID Registry’s existing data protection framework, identify areas of non or partial compliance, and rectify any issues
  • Draft new and amend existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders pertaining primarily to the Registry and more broadly within ESID as required
  • Be the first point of contact for the Information Commissioner and for individuals whose data is processed (Documenting Centres, patients)
  • Coordinate tasks with privacy representatives in other branches (Documenting Centres; Freiburg University)
  • Perform Internal Audits and reports with regards to the Registry on an as-needs basis 
  • Participate in consent form drafting, development and approval of final versions 
  • Data protection impact assessment, management and execution based on Article 35 of GDPR
  • Maintain records of all data processing activities carried out by the organisation

Education and experience:

  • 3+ years of experience working in Dutch Data Protection and Compliance (preferably in the health industry) 
  • 5+ years of data privacy experience 
  • Expertise in European data protection laws and practices including an in-depth understanding of the GDPR 
  • Strong project management skills 
  • Excellent verbal and written communication skills, with strong attention to detail 
  • Great interpersonal skills and ability to work well both independently and as part of a team 
  • Bachelor’s degree in Business Administration, Information Management, or related field 
  • Relevant postgraduate studies are a plus 
  • One or more of the following certifications: IAPP, CIPP, CIPM, or CIPT is preferred 
  • Fluent in Dutch and English, German is a big plus


  • Competitive compensation 
  • Flexible and remote work / home office policy 
  • Working with top level health researchers from around Europe 
  • Opportunity to support a leading non-profit medical association


Please email your CV, maximum 1 page cover letter, and the contact details (name, title, company, email, phone) of 3 references to: < > by 31 of October 2021. Only shortlisted candidates will be invited to a video call interview with the Registry Working Party Chair.

*ESID may have some flexibility on the start date to accommodate the best candidate.
**Extension of the contract is subject to strong performance, availability of funds and the needs of the association. When the candidate is fitting with the needs of ESID and financial capacity allows, the intention is to extend the contract after the first initial three months for 8 hours a week for a period of one year

You may download the job description here