Data Protection & Compliance Officer

Key Responsibilities

Compliance Management

• Support implementation of a compliance management framework and a compliance system to ensure compliance with industry regulations and internal policies covering global operations.
• Keep abreast of regulatory developments within or outside of the company as well as evolving best practices in compliance control.
• Review compliance policies and procedures on a regular basis to ensure they comply with statutory and regulatory requirements.

Implementation of the Data Protection Framework

• Implement a comprehensive enterprise-wide data protection program in line with essential elements of the Kenya Data Protection Regulations & GDPR (principles of data processing, data subjects’ rights, privacy by design, records of processing activities, security of processing, breach escalation, and records management).
• Implement draft data protection policies and contract templates to remediate existing gaps in processes and ensure alignment with global standards (e.g., GDPR).
• Maintain records of all data assets and exports in conjunction with relevant internal stakeholders.
• Identify and evaluate Kenya Airways’ data processing activities.
• Coordinate Data Protection Impact Assessments (DPIAs).
• Monitor data protection procedures and compliance within the Kenya Airways’ global operations.

Data Breach Response Plan

• Implement a data breach response plan and coordinate its activities.
• Ensure timely remediation of incidents, including impact assessments, breach response, complaints management, claims or notifications, and responding to subject access requests (SARs).
• Maintain the personal data breach log of the company.
• Report data breaches to the Office of the Data Protection Commissioner of Kenya and other global structures as required.

Stakeholder Management

• Act as the point of contact with the Office of the Data Protection Commissioner, other supervisory authorities, and internal/external stakeholders.
• Coordinate and maintain relationships with regulators for information sourcing, communication, and achievement of timely actions.
• Liaise with regulators and external networks on best practice updates on data protection regulations.
• Collaborate with risk champions and internal audit to remedy control lapses/gaps.

Reporting

• Prepare and provide standard and ad-hoc reports on compliance with data protection regulations to leadership.
• Provide relevant periodic reports to the Office of the Data Protection Commissioner of Kenya.
• Provide regular status updates to management and draw immediate attention to compliance exposures for remedial action.

Training

• Support the implementation of the compliance and data protection training and awareness calendar.
• Coordinate development of training content and setup of training sessions.
• Build capacity of risk & compliance champions across the institution.

Skills and Qualifications

• Education: Bachelor’s Degree in business, law, or related fields.
• Certifications: Qualifications in data protection would be beneficial but are not essential.
• Experience: Minimum 5 years of experience implementing controls; experience implementing data protection guidelines is essential.
• Knowledge: Sound knowledge of Kenya Data Protection Regulations & GDPR is essential; knowledge of internal controls and risk assessment methodologies.
• Technical Skills: Tech-savvy with good analysis and report writing skills.
• Soft Skills: Strategic, creative, and analytical thinker.

How to Apply

Interested and qualified candidates should apply online via the Kenya Airways career portal at careers.kenya-airways.com. You can also use the direct application link: Apply Now.