Data Protection Officer

JOB PURPOSE:

Under the general direction of the Chief Executive Officer, the Data Protection Officer has the responsibility to monitor compliance and data practices to ensure the Authority and its functions comply with the applicable legislative requirements under the Data Protection Act (2020) in the processing of the personal data of its staff, customers, providers or any other individuals. 

The Data Protection Officer will serve as the primary contact for supervisory authorities and individuals whose data is processed by the Authority. 

KEY OUTPUTS:

• External regulations (Data Protection Act) and internal controls adhered to;
• Data Protection framework and strategy developed and implemented; 
• Data protection impact assessments conducted; 
• Breaches identified and notifications prepared; 
• Reports prepared and submitted; 
• Continuous monitoring conducted; 
• Adherence/compliance with standards monitored; 
• Governance and accountability mechanisms evaluated and recommendations made;
• Research and analysis conducted and findings documented; 
• Continuous improvement strategies developed and implemented; 
• Advice and recommendations provided; 
• Sensitization sessions conducted. 

KEY RESPONSIBILITIES:

• Implements strategies and a privacy governance framework to manage data used in compliance with the Data Protection Act; 
• Develops and implement a privacy governance framework and strategies to manage data use; 
• Collaborates with the Information Technology & Business Services Section in the maintenance of a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications and responding to subject access requests; 
• Monitors to ensure that the Authority’s ICT Systems and procedures comply with the relevant data privacy and protection law, regulation and policy; 
• Evaluates existing policies and procedures to coordinate internal practices and to ensure compliance with regulations; 
• Reviews the Authority’s internal control mechanisms to ensure that they are aligned with standards outlined in the Data Protection Act;
• Reviews and document legal basis for processing personal data; 
• Periodically revising the data protection plan in light of changes in laws, regulations and policies; 
• Identifies compliance breaches as they arise and advise management on rules and controls; 
• Provides legislative advice and guidance to the Executive as to gaps identified from the outcome of the Data Protection and Privacy Impact Assessment process; 
• Serves as the primary point of contact for the Lead Supervisory Authority on all data protection matters; 
• Consults with the Office of the Information Commissioner to resolve any doubt about how the provisions of the Act and its regulations are to be applied; 
• Collaborates with Risk, Internal Audit, Legal and other key stakeholders to monitor, implement and analyze compliance programmes; 
• Engages in the timely collection of data, analysis and reporting on key performance measures; 
• Receives and responds to comments and queries from data subjects related to the processing of personal data; 
• Establishes a process for receiving, documenting, tracking, investigating and taking action on all complaints concerning the organization’s privacy policies and procedures; Provides guidance and assistance to data subjects in exercising their rights under the Act (Section 6-13) as it relates to: The right to Access, The right to prevent processing, The right in relation to automated decision making and The right to rectification; Provides advice/information to the Authority and its employees on their obligations under the Act and state data protection provisions; 
• Manages and conducts ongoing reviews of the Authority’s privacy governance framework; 
• Conducts data protection impact assessments by applying data quality controls as prescribed in the Data Governance Framework to determine compliance with regulatory requirements; 
• Shares current information on policies, procedures and legislation that the Authority’s staff should be aware of so as to promote the quality culture; 
• Develops and implements approved certification mechanisms to demonstrate compliance; Collaborates with senior managers in the review and understanding of corporate governance guidelines pertaining to data protection; 
• Keeps abreast of amendments to policies, procedures and legislation and any pertinent developments within the dynamic environments; 
• Monitors and evaluates Authority’s efforts at corrective actions to ensure that findings and recommendations (weaknesses and or deficiencies) are effectively dealt with; Prepares reports and presentations on findings and analysis; 
• Develops strategies and initiatives to ensure engagement with key internal and external stakeholders; 
• Facilitates the training of staff on the components of the Act, Regulations and policies; 

Other Responsibilities 

• Any other related duties that may be assigned from time to time 

KEY COMPETENCIES

• Excellent presentation, oral, and written communication skills. 
• Management experience and team-building skills. 
• Skills in drafting reports and plans. 
• Process design and implementation skills. 
• Good interpersonal and leadership skills. 
• Good facilitation and presentation skills.
• Excellent planning, organizing and analytical skills. 
• Excellent judgment, decision-making, and problem-solving skills. 
• Sufficient knowledge of information technology and data management

QUALIFICATIONS & EXPERIENCE REQUIREMENTS:

• Bachelors’ degree in Law, Computer Science, Audit or equivalent qualification from recognized tertiary institution; 
• Certification in Information Security, Data Protection and/or Privacy Certification such as CIPP,CIPT, ISEB, etc. (preferred); 
• Exposure to legal training; 
• Three (3) years related work experience. 

SPECIAL CONDITIONS OF THE JOB:

• Pressured working conditions with numerous critical deadlines 
• May be required to work abnormal working hours 
• May be required to travel locally and overseas 

Please note that only shortlisted applicants will be contacted.