Data Protection Lead Job in Kenya - NCBA

Data Protection Lead

Job Purpose Statement

  • Enterprise Data Management (“EDM”) is a process that seeks to ensure Data in NCBA Group PLC is accurate and consistent to meet the strategic and business goals. “EDM” has eight key capabilities
    • Data Architecture (DA);
    • Data retention & archiving (DRA);
    • Data quality management (DQM);
    • Metadata management (“MM”);
    • Master data Management (MDM);
    • Data privacy & security (DPS)
    • Business Intelligence and Analytics (BIA)
    • Data governance.

  • The Data Protection Lead will ensure that the bank processes the personal data of its staff, customers, providers or any other individuals in compliance with the applicable data protection rules.

The role holder is responsible for the following:

  • Maintaining data protection policies and procedures.
  • Ensure the company’s policy is in accordance with the Kenya Data Protection Act and codes of practice
  • Conducting training and awareness sessions to all Staff on Data Privacy requirements and obligations of the Group
  • Ensuring Data Privacy Impact Assessments are undertaken in line with data privacy laws.
  • Driving implementation of essential elements of the DPA, such as the principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities, security of processing, and notification and communication of data breaches.
  • Overseeing the maintenance of records required to demonstrate data protection compliance.
  • Act as the primary point of contact within the organization for members of staff, regulators, and any relevant public bodies on issues related to data protection
  • Evaluate the existing data protection framework and identify areas of non or partial compliance and rectify any issues

Ideal Job Specifications

  • A Bachelor’s degree in ICT, Law, Business Administration or any other Business-related degree
  • Hold at least one Data Protection and/or Privacy certification

Desired work experience:

  • Minimum 7 years’ experience within ICT, legal, audit and/or risk function handling company data.
  • Well-developed, professional interpersonal skills; ability to interact effectively with people at all levels.
  • Ability to handle confidential and sensitive information with the appropriate discretion and ethics.
  • Experience in managing data incidents and breaches.
  • Good understanding of data processing operations, including information systems, data security and data protection needs of an institution

How to Apply