Assignment for 46 days – period from February 2026 to June 2026

2 days per week to be performed for Sciensano, on-site (main location Site Eurostation-Blerot at Brussels-South)

Organization: Sciensano, scientific institute

He/she fulfills the role of Data Protection Officer. He/she carries out the tasks in close collaboration with various actors within Sciensano, in particular within the Healthdata.be Unit. This unit provides researchers and policy actors in the healthcare domain with technical expertise in developing and managing policy-supporting scientific research databases. The Healthdata.be unit helps healthcare actors exchange medical data with researchers for policy-supporting scientific research in a safe and efficient manner.

The Data Protection Officer assumes all tasks assigned and imposed to such a function by (European and national) regulations, more specifically in accordance with the General Data Protection Regulation and the framework law of July 30, 2018.

He/she is mainly responsible for the following tasks:

• he/she formulates clear advice on the application of the GDPR, in particular in the context of requests for deliberation by the Information Security Committee;
• he/she provides support in registering processing activities and drafting data processing agreements;
• he/she advises on the execution of Data Protection Impact Assessments (DPIA);
• he/she gives internal information sessions and training on the processing and protection of (personal) data;
• he/she supports the services in dealing with requests for access to data by external parties;
• he/she ensures that current and future risks as a result of incidents and breaches regarding the protection of (personal) data are analyzed, reports the identified breaches, and provides the necessary advice;
• he/she is part of national and regional DPO networks and continuously monitors the applicable legislation.

The proposed candidate must at least meet the competencies listed below. This must be evident from the candidate's CV. Candidates who do not meet these minimum requirements will not be considered in the further selection procedure. The technical competencies are listed in order of importance.

• Experience as a Data Protection Officer in the context of health data.
• Demonstrable knowledge of national & European privacy legislation.
• Demonstrable knowledge of data processing at the level of the Flemish, Walloon, or Federal government.
• Demonstrable experience in information security.
• Good knowledge of Dutch/French.
• Willing to work on site (Brussels).