The Ministry of Digital Economy and Entrepreneurship

Terms of Reference: Personal Data Protection Director

Youth, Technology, and Jobs Project

About the Ministry of Digital Economy and Entrepreneurship

The Ministry of Digital Economy and Entrepreneurship (MoDEE) leads Jordan’s national efforts to shape and implement policies and strategies that advance the digital economy, accelerate digital transformation, strengthen the innovation and entrepreneurship ecosystem, and enhance citizen-centric digital government services.

Through strategic partnerships and coordination with public and private stakeholders, MoDEE plays a pivotal role in fostering inclusive economic growth and supporting the adoption of digital opportunities. These efforts contribute to positioning Jordan as a regional and global leader in the digital economy.

About the Youth, Technology, and Jobs Project

The Youth, Technology, and Jobs (YTJ) Project, launched in 2020, builds on Jordan’s competitive advantage in the Information and Communication Technology (ICT) sector. Through a combination of incentive packages, strategic partnerships, and capacity-building programs, YTJ aims to support a competitive and highly skilled ICT sector and workforce capable of meeting the needs of regional and global markets.

Implemented by MoDEE and funded by the World Bank Group, the project seeks to support and expand digitally enabled income opportunities in Jordan.

The Personal Data Protection Directorate

In alignment with the Economic Modernization Vision (EMV) and MoDEE’s mandate to lead national digital transformation and strengthen governance of the digital economy, and pursuant to the Personal Data Protection Law (PDPL) No. (24) Of 2023, MoDEE established the Personal Data Protection Directorate.

The directorate serves as the body responsible for providing strategic leadership, regulatory guidance, and oversight across both public and private sectors to ensure compliance with the law. Its mandate includes promoting lawful and responsible personal data processing, monitoring compliance, and contributing to the development of a robust personal data protection ecosystem aligned with national priorities, international standards, and the EMV objectives.

Reporting Line: Reports to the Executive Director of Strategies, Future, and Entrepreneurship.

1. Roles and Responsibilities

Provide executive leadership and strategic direction to implement the directorate’s mandate and ensure the effective delivery of regulatory guidance, compliance oversight, and awareness initiatives that strengthen data protection governance and promote consistent compliance across public and private sectors.

• Oversee the overall operations of the directorate, including planning, coordination, and performance management, to ensure coherent and integrated delivery.

• Lead the development, implementation, and continuous enhancement of regulatory frameworks, policies, procedures, strategies, instructions, and guidelines to ensure effective national compliance with the Personal Data Protection Law.

• Establish and maintain a robust compliance monitoring and oversight framework, including risk-based supervision, audits, investigations, and corrective actions, while upholding impartiality, transparency, and accountability.

• Guide and coordinate stakeholder engagement and capacity-building initiatives across public and private sectors to promote awareness, institutional readiness, and adherence to the PDP law.
• Collaborate with international experts, regulatory counterparts, and specialized institutions to strengthen understanding of global data protection practices and support the development of informed regulatory guidance and compliance practices.

• Provide credible and authoritative leadership in data protection governance to ensure alignment of the directorate’s mandate and work plan with national digital transformation objectives and the Economic Modernization Vision (EMV).

• Serve as the primary liaison between the directorate and the PDP Council, ensuring timely and structured reporting on deliverables and compliance status, and supporting the implementation of the Council’s decisions and priorities.

• Provide expert advice and consultation to the PDP Council on regulatory frameworks, policies, and strategies related to data protection, including guidance on managing violations and misuse of personal data.

• Engage the directorate in forums, summits, panels, and conferences to promote data protection principles and privacy-by-design across policies, systems, and digital services.

• Ensure sound internal governance, effective resource management, and institutional development, including strengthening team capabilities and competencies, and fostering a culture of integrity and professionalism.

Sections under the Directorate

• Regulatory Affairs and Compliance Section
• Awareness and Education Section
• Licensing, Permits, and Records Section
• Customer Service Section

1. Eligibility and Minimum Qualifications

• Minimum of 10 years of relevant experience in data protection, data privacy, data governance, or personal data compliance, or regulatory and governance functions in the public or private sector ,
• Including at least 4 years in senior leadership roles, or equivalent experience demonstrating increasing levels of responsibility.
• Experience supporting the establishment or strengthening of data protection frameworks, compliance programs, and monitoring mechanisms.
• Demonstrated ability to lead multidisciplinary teams and manage diverse stakeholder networks, across government entities, private sector actors, and international organizations.
• Experience in PDPL and GDPR is highly desirable.
• Strong strategic leadership with the ability to translate vision and operational plans into measurable outcomes.

• Deep knowledge of data protection principles and standards, including international frameworks and emerging privacy trends.

• Strong understanding of regulatory and compliance mechanisms, including risk-based oversight, audit, and compliance methodologies.

• Excellent presentation and communication skills, with the ability to interact effectively with senior officials, regulators, industry leaders, and civil society.

• High analytical and decision-making capability, with sound judgment in complex legal and regulatory contexts.

• Strong organizational and change management skills, with the ability to lead institutional development and strengthen internal capabilities.

• Excellent command of both Arabic and English.

1. Education Requirements

• Bachelor’s degree in Engineering (Electrical, Computer, Industrial, or any related fields), Computer Science, Information Security, Information Technology, Law, Public Policy, or a closely related field.

• A master’s degree in Law, Data Protection, Information Security, Public Policy, or Governance is desirable.
• Professional certification in data protection, data privacy, or information security (e.g., CIPP/E, GDPR – DPO, CIPM, ISO 27001, and ISO 27701) is highly desirable.

1. Duration of Assignment

The contract duration is until the end of the YTJ project, with the possibility of renewal subject to satisfactory performance and extension of the project.