Purpose
The role holder will support the Company Secretary & Director Legal &
Compliance in establishing and maintaining a robust and effective compliance
framework. The data protection and compliance officer will play a pivotal role
in the implementation of the data protection framework which has been designed
for the company and will ensure the effective management of Kenya Airways’ data
processes and subjects in compliance with the Personal Data Protection
Regulations of Kenya and GDPR. The company expects that the Data Protection &
Compliance Officer will adopt the highest standards of compliance and
governance in line with best practice, laws, regulatory and internal policy
standards.
Responsibilities
Compliance Management
- Support implementation of a compliance management framework and a
compliance system to ensure compliance with industry regulations and
internal policies covering the global operation.
- Keep abreast of regulatory developments within or outside of the
company as well as evolving best practices in compliance control.
- Review compliance policies and procedures on a regular basis to
ensure they comply with statutory and regulatory requirements.
Implementation of the Data Protection Framework
- Implement a comprehensive enterprise-wide data protection program in
line with essential elements of the Kenya Data Protection Regulations
& GDPR such as principles of data processing, data subjects’ rights,
privacy by design, records of processing activities, security of
processing, breach escalation & records management.
- Implement the draft data protection policies and contract templates
to remediate existing gaps with regards to data protection in Kenya
Airways processes and ensure alignment with global standards (e.g., GDPR).
- Maintain records of all data assets and exports in conjunction with
the relevant internal stakeholders.
- Identify and evaluate Kenya Airways’ data processing activities.
- Coordinate Data Protection Impact Assessments (DPIAs).
- Monitor data protection procedures and compliance within Kenya
Airways’ global operations.
Data Breach Response Plan
- Implement a data breach response plan and coordinate the activities
of the plan.
- Ensure timely remediation of incidents, including impact
assessments, breach response, complaints, investigations, management,
reporting claims or notifications, and responding to subject access
requests (SARs) within statutory requirements.
- Maintain the personal data breach log of the company.
- Report data breaches to the Office of the Data Protection
Commissioner of Kenya as provided for in the Data Protection Regulations
as well as any other global structures.
Stakeholder Management
- Act as point of contact with the office of the Data Protection
Commissioner, other supervisory authorities, internal and external
stakeholders.
- Coordinate and maintain relationships with various internal &
external stakeholders including regulators for information sourcing,
communication and achievement of timely actions as required.
- Liaise with regulators and external networks on best practice and
updates on data protection regulations and ensure that these are embedded
within the company.
- Collaborate with risk champions and internal audit to remedy control
lapses/gaps.
Reporting
- Prepare and provide standard and ad-hoc information and data reports
on compliance with data protection regulations to the leadership of the
company.
- Provide relevant periodic reports to the Office of the Data
Protection Commissioner of Kenya.
- Provide regular status updates to management and draw immediate
attention to compliance exposures for remedial action.
Training
- Support the implementation of the compliance and data protection
training and awareness calendar, to ensure that knowledge gaps are
eliminated, and critical knowledge requirements are disseminated to staff
on an ongoing basis.
- Coordinate development of training content and setup of training
sessions.
- Build capacity of risk & compliance champions across the
institution.
Skills
- Regulatory Deep-Dive: Comprehensive knowledge of national and
international data protection laws.
- Technical Literacy: Ability to understand data architecture,
encryption standards, and cloud security protocols.
- Influence & Communication: Ability to translate complex legal
requirements into actionable business processes for C-suite stakeholders.
- Risk management: Knowledge of implementing data protection &
privacy frameworks, internal controls and risk assessment data protection
& privacy methodologies, policies and systems.
- Strategic, creative, and analytical thinker.
Qualifications
- Bachelor’s degree in law or IT related field.
- General Data Protection Regulation (GDPR) Certification.
- Certification or knowledge in Data/Information Privacy –
demonstrates the ability to run a privacy program.
- Sound knowledge of Kenya Data Protection Act & Regulations
(KDPA) as well as global regulations.
- Tech Savvy and excellent analysis skills.
- Report and presentation skills.
- Master’s degree in law, IT, Business or related fields is an added
advantage.
- Member of Data Protection & Privacy Associations, Bodies or
Societies.
- Knowledge & practical implementation of a Data Protection
Framework Management Program (PDMP) or Framework (PDMF).
- Knowledge of local and global Regulatory Compliance requirements
including Kenya Data Protection Act (KDPA) and Regulations, Regional
Regulations and GDPR.
- Minimum 5 years of practical experience in data protection and
preferably in handling complex data privacy in a regulated or busy
commercial environment, implementing controls with demonstrable senior
management or leadership.
- Proven track record of managing privacy programs across multiple
geographies or a “Group” structure.
- Engagement with Data Protection Regulators including Office of the
Data Protection Commission (ODPC) Kenya, as well as regional and
international Data Protection Regulators.
- Experience developing and implementing data protection & privacy
frameworks and guidelines.
- Standardization of compliance & governance structures in line
with Data Protection Commission requirements and multi-jurisdictional
legislation and regulations.
- Sound knowledge of Kenya Data Protection Regulations & GDPR is
essential.
- Experience in aviation/regulated or busy commercial environment on
other key national, international compliance standards, legislations, and
regulations.
Additional Information
- Ethics, Integrity & Honesty.
- Good stakeholder management skills.
- Excellent planning and organization skills.
- Emotional Intelligence with excellent communication skills.
- Self-drive & Environmental awareness.
How to Apply
