Data Protection Officer

The Data Protection Officer (DPO) ensures compliance with the Data Protection Act (2020), managing personal data processing for staff, customers, and stakeholders.

Job Title: Data Protection Officer
Grade: GMG/SEG 3
Reports to: Chief Executive Officer
Unit: Executive Office

Job Purpose:
The Data Protection Officer (DPO) ensures that the Agency adheres to legislative requirements under the Data Protection Act (2020), managing the processing of personal data for staff, customers, and other stakeholders. The DPO also serves as the primary contact for supervisory authorities and individuals regarding data protection issues.

Key Responsibilities:

• Implement privacy governance frameworks to comply with the Data Protection Act.
• Collaborate with IT to manage data security incidents, including impact assessments and breach responses.
• Monitor ICT systems to ensure compliance with data protection laws.
• Review and document the legal basis for processing personal data and revise policies as necessary.
• Identify compliance breaches and provide legislative advice to management.
• Serve as the primary contact for data protection authorities and resolve any doubts regarding legal applications.
• Conduct data protection impact assessments to ensure regulatory compliance.
• Provide guidance and training to staff on their obligations under the Act.

Key Outputs:

• Data protection frameworks and strategies developed and implemented.
• Impact assessments conducted and breaches reported.
• Continuous monitoring and reporting of compliance.
• Governance mechanisms evaluated and recommendations made.
• Sensitization and training sessions delivered.

Required Competencies:

• Strong understanding of legal, regulatory, and data protection standards.
• Ability to manage external relationships and strategic vision.
• Proficient in technology use and client management.
• Strong teamwork, communication, and organizational skills.

Minimum Required Education and Experience:

• Bachelor’s degree in Law, Computer Science, Audit, or a related field.
• Certification in Data Protection or Information Security (preferred).
• Three years of relevant work experience.

Special Conditions:

• Must manage critical deadlines under pressure.
• May require travel and abnormal working hours.

Authority:

• The DPO has access to all personal data processing operations and works independently.
• Handles queries and complaints regarding data protection and recommends improvements in corporate governance.