The Data Protection & Compliance Officer will support the Company Secretary & Director Legal & Compliance in establishing and maintaining a robust and effective compliance framework. This role is pivotal in the implementation of the data protection framework designed for the company, ensuring effective management of Kenya Airways' data processes and subjects in compliance with the Personal Data Protection Regulations of Kenya and GDPR. The successful candidate is expected to adopt the highest standards of compliance and governance in line with best practices, laws, and internal policy standards.
Key Responsibilities
Compliance Management
Support the implementation of a compliance management framework and system to ensure compliance with industry regulations and internal policies covering global operations.
Keep abreast of regulatory developments and evolving best practices in compliance control.
Review compliance policies and procedures regularly to ensure they comply with statutory and regulatory requirements.
Implementation of the Data Protection Framework
Implement a comprehensive enterprise-wide data protection program in line with the Kenya Data Protection Regulations and GDPR.
Manage principles of data processing, data subjects’ rights, privacy by design, and records of processing activities.
Implement draft data protection policies and contract templates to remediate existing gaps in processes.
Coordinate Data Protection Impact Assessments (DPIAs) and monitor compliance within global operations.
Data Breach Response Plan
Implement and coordinate a data breach response plan, ensuring timely remediation of incidents.
Manage impact assessments, breach response, complaints, investigations, and reporting claims.
Respond to subject access requests (SARs) within statutory requirements and maintain the company's personal data breach log.
Report data breaches to the Office of the Data Protection Commissioner of Kenya and other relevant global structures.
Stakeholder Management
Act as the primary point of contact for the Office of the Data Protection Commissioner and other supervisory authorities.
Coordinate relationships with internal and external stakeholders including regulators for information sourcing and communication.
Collaborate with risk champions and internal audit to remedy control gaps.
Training and Reporting
Prepare standard and ad-hoc reports on compliance status for the company leadership and the Office of the Data Protection Commissioner.
Support the implementation of the compliance and data protection training calendar.
Coordinate the development of training content and build capacity for risk and compliance champions across the institution.
Requirements and Qualifications
Bachelor’s degree in Law or an IT-related field.
General Data Protection Regulation (GDPR) Certification.
Certification or knowledge in Data/Information Privacy with the ability to run a privacy program.
Minimum 5 years of practical experience in data protection, preferably in a regulated or busy commercial environment.
Proven track record of managing privacy programs across multiple geographies or a "Group" structure.
Sound knowledge of the Kenya Data Protection Act (KDPA), Regulations, and GDPR.
Master’s degree in Law, IT, Business, or related fields is an added advantage.
Membership in Data Protection & Privacy Associations or professional bodies.
How to Apply
Interested and qualified candidates should apply through the official Kenya Airways careers portal at https://careers.kenya-airways.com. Ensure you meet the minimum qualifications and experience requirements before submitting your application.
