Data Protection Officer (GMG/SEG 3)

The Data Protection Officer (DPO) is responsible for advising on, monitoring, and ensuring the Commission’s compliance with the Data Protection Act and related regulations.

JOB SUMMARY

The Data Protection Officer (DPO) is responsible for advising on, monitoring, and ensuring the Commission’s compliance with the Data Protection Act and related regulations. The post holder will oversee the implementation of the Commission’s data protection and privacy framework, conduct compliance monitoring and audits, provide guidance to internal stakeholders, and serve as the primary point of contact with the Office of the Information Commissioner and other relevant authorities on data protection matters.

Key Responsibilities

Strategic and Advisory Responsibilities

• Advise the Board of Commissioners, Chief Executive Officer, and Senior Management on obligations under the Data Protection Act and related legislation
• Provide technical input into corporate policies, procedures, and initiatives to ensure alignment with data protection requirements
• Keep abreast of local, regional, and international developments in data protection and privacy and recommend appropriate actions
• Serve as the official liaison between the Commission and the Office of the Information Commissioner and other relevant oversight bodies
• Contribute to corporate planning processes as they relate to information governance and data protection risk

Operational and Technical Responsibilities

• Lead the implementation, monitoring, and continuous improvement of the Commission’s data protection and privacy framework
• Develop, review, and update data protection policies, procedures, SOPs, templates, privacy notices, and consent mechanisms
• Maintain and update the Register of Processing Activities and conduct regular data mapping exercises
• Monitor compliance with data protection obligations across all Divisions and locations of the Commission
• Conduct data protection impact assessments (DPIAs) and privacy risk assessments for new and existing initiatives
• Investigate and manage personal data breaches, working closely with ICT and relevant stakeholders, and ensure timely reporting to the appropriate authorities
• Provide guidance on data subject rights, including access, correction, restriction, and erasure requests, ensuring statutory timelines are met
• Conduct internal audits and compliance reviews and recommend corrective actions where necessary
• Promote a culture of data protection awareness and compliance through sensitization and training programmes
• Prepare routine and special reports on data protection compliance for Senior Management and the Board

Training and Capacity Building

• Develop and deliver data protection awareness and compliance training for staff, contractors, and other relevant stakeholders
• Provide ongoing advisory support to Divisions engaged in the processing of personal or sensitive data
• Support continuous improvement in data handling practices across the organization

Performance Standards

• Compliance with the Data Protection Act and applicable regulations
• Timely submission of reports, assessments, and statutory notifications
• Effectiveness of data protection policies, procedures, and controls
• Quality and timeliness of advice provided to management and staff
• Level of staff awareness and adherence to data protection requirements

Minimum Required Qualification and Experience

• Degree in Information Security, Data Protection, Law, Computer Science, Information Systems, or a related field
• At least three (3) years’ experience in data protection, information governance, compliance, risk management, or a related area
• Sound knowledge of the Data Protection Act and associated regulations
• Training or certification in data protection or privacy management will be an asset
• At least one Data Protection and/or Privacy certification such as, CIPP, CIPT, ISEB, etc., (preferred).

Authority

• Advise and make recommendations to Management and the Board on data protection and privacy matters
• Recommend corrective actions and risk mitigation measures arising from audits and assessments
• Recommend training, awareness, and compliance initiatives to strengthen data protection practices

GRADE: GMG/SEG 3

 Remuneration: Salary Scale $5,198,035.00 – $6,990,779.00 per annum plus gratuity

 Application along with detailed Curriculum Vitae should be submitted no later than March 1, 2026.