Legal Consultant on Personal Data Protection

Job Description

This is a local position for Serbian nationals. To apply, CVs should be submitted to gai-belgrade@checchiconsulting.com by the deadline stated above. Please put “GAI STTA - Data Protection” in the subject line.

USAID Government Accountability Initiative (GAI)

Legal Consultant on Personal Data Protection

Background and goal

The Government Accountability Initiative (GAI) is a four year, USAID-funded activity, aimed at strengthening capacities and connections of key Serbian stakeholders to increase government accountability at the national and local levels.

Component 3 of GAI, Adjudication of Corruption Cases, supports the Supreme Court of Cassation (SCC), Republic Public Prosecutor’s Office (RPPO), Ministry of Justice (MOJ), specialized anti-corruption court units and prosecutors’ offices. The project was awarded in February 2018, and is implemented by Checchi and Company Consulting, Inc.

Under Component 3 Adjudication of Corruption Cases, GAI will:

1. Support anti-corruption specialized court units in implementing the new Law on the Organization and Jurisdiction of State Organs in Fight against Organized Crime, Corruption and Terrorism Financing.
2. Develop procedures and methodology for data collection, record keeping and statistical reporting on corruption cases.
3. Establish an electronic register of corruption cases (ERCC) to support information sharing between different institutions working on the investigation and prosecution of corruption cases.

The Action Plan for Chapter 23, Activity 2.3.4.3, foresees establishing a model of unique record keeping (electronic register) for criminal offenses with an element of corruption, in accordance with the law governing the protection of personal data.

It is envisioned that established specialized anti-corruption units in courts and public prosecutor`s offices will be supported with appropriate procedures for quality data collection and analysis, which in turn would enable policy makers to pinpoint obstacles and bottlenecks to successful prosecution and adjudication of corruption cases. To this end, GAI will help establish a system for the collection of unified statistics on corruption, distinguishing clearly between different types of criminal offences, the length of cases, outcome of the proceedings, etc. GAI will approach the creation of an ERCC from legal, technical (hardware/software) and business process streamlining angles simultaneously.

The mechanism will draw wherever possible from the existing case management systems for courts and public prosecutors` offices (AVP, SAPO, SIPRES), and will be designed specifically to offer information meeting the needs of the SCC, MOJ, and indirectly the EU and others. Provision of this data should allow stakeholders to accurately monitor case flows and the increased number of corruption cases taken on by courts and public prosecutors` offices, among other activities.

In Serbia, the 2008 Personal Data Protection Act governs the collection and use of personal data. Serbia has still not implemented the EU Data Protection Directive (95/46/EC). A new Data Protection Law, that for the most part incorporates the EU standards, is in preparation and should be adopted in 2018. The main law governing collection and data processing in judicial organs is the 1989 Law on Organization and Unified Methodology for Collection, Recording and Data Processing for the Needs of Judicial Organs of Interest for the Country, and the accompanying Rulebook from 2005. GAI proposes to hire an expert with expertise in personal data protection legislation in Serbia and the EU standards (including the new EU General Data Protection Regulation – GDPR) which should analyze current legal framework that would allow creation of an ERCC and identify any legal impediments in current law for creation of an ERCC.

Tasks

The expert will undertake the following tasks:

• Interview key stakeholders (Ministry of Justice, Commissioner for Free Access to Public Information and Data Protection, etc) and discuss personal data collection, processing and protection when being used as part of case management systems in judiciary, and electronic exchange such data with other institutions (including Ministry of Justice) through the judicial information systems;
• Provide comprehensive expert review of applicable laws and bylaws in the Republic of Serbia, or draft legislation, which regulate personal data collection, processing and protection in the existing case management systems (AVP, SAPO, SIPRES), as well as an overview on data protection in line with the existing regulation relevant to establishing of an ERCC;
• Identify data protection requirements for an ERCC and provide detailed comments on the necessary changes in the legal framework relating to personal data protection and registries, with specific change to provide legal grounds for data collection, processing and protection in the case management systems in Serbia, free movement of data through judicial information systems and creation of an ERCC;
• Produce the final report on the activities undertaken with the brief summary of the work performed;
• Collaborate with other GAI consultants working on an ERCC to ensure required comparability of recommendations;
• Briefings on progress and final results as requested by USAID and GAI.

Period

The total level of effort for the task is not to exceed 30 days of work.

The work is anticipated to be completed during the period September - October 2018.

Deliverables

• Activity Plan – detailing timeframes for conducting activities and deadlines for preparing deliverables;
• Two workshops with the representatives of key stakeholders;
• Final report including:

1. Legal analysis with comprehensive comments on existing legal framework (applicable laws and bylaws in the Republic of Serbia, as well as draft legislation), and a set of proposed changes, with regard to personal data collection, processing and protection when being used as part of case management systems in judiciary, access of such data by other institutions through the existing electronic judicial information systems;
2. Data protection requirements for the creation of an ERCC;
3. A brief summary of the activities and methodologies used to perform the work.

All deliverables should be prepared in both English and Serbian language.

Qualifications

This is a Junior-level (3+ years of experience) or Mid-level position (7+ years of experience). In addition, the following qualifications are required:

• Degree in law, preferably Master`s or equivalent;
• Previous working experience in institutions dealing with data protection will be considered as an advantage;
• Demonstrated familiarity with the EU standards on personal data protection and related Serbian legislation;
• Excellent written and oral communication skills in English and Serbian.

About the Organization

Checchi and Company Consulting, Inc. (Checchi) has worked in international development for over 40 years. The company has operated in more than 140 countries, including a number of fragile states and post-conflict zones, and has implemented nearly 300 long-term contracts. Checchi’s principal areas of specialization include rule of law, anticorruption and monitoring and evaluation (M&E). Since launching one of the first international rule of law practices in the late 1980s, Checchi has provided technical assistance and training in the core areas of improving access to justice; court systems administration; legislative and policy reform; judicial training and legal education; public legal awareness; and security sector reform. The company has implemented a number of long- and short-term activities focused exclusively on anticorruption. In addition, many of Checchi’s rule of law projects have included significant anticorruption components and activities. Checchi’s M&E work encompasses projects in more than 50 countries and spans the spectrum of quantitative, qualitative, and mixed approaches to managing and evaluating performance.