Data Protection Officer Job in Kenya

Basic job summary:

The job holder will ensure effective management of the University data processes and controls by developing, reviewing and implementing Inspection and Compliance strategies, policies, Standards and procedures in accordance with Personal Data Protection Laws.

Duties & Responsibilities:

Point of Contact & Collaboration:

Act as the university’s primary liaison with the Data Protection Commissioner’s office, regulatory authorities, internal teams, and external partners.

Facilitate effective communication and collaboration on data protection matters.

Framework & Implementation Plan:

 Develop and oversee the implementation of a comprehensive Data Protection framework and action plan tailored to the university’s specific needs and legal requirements.

Compliance Oversight & Education:


 Ensure adherence to essential elements of the Data Protection Act, including data processing principles, data subjects’ rights, privacy by design, and security measures.

 Conduct training sessions and awareness programs to educate stakeholders (faculty, staff, students) on their rights, obligations, and responsibilities under data protection laws.

 Incident Management & Response:

 Collaborate with Information Security teams to establish and maintain a robust incident management plan for data breaches.

Conduct impact assessments and ensure timely and appropriate responses to incidents, complaints, and subject access requests (SARs).

Policy Development & Guidance:

 Draft, update, and communicate detailed data protection policies, procedures, and guidelines.

 Provide expert guidance and consultation on privacy-related issues, including privacy breaches and compliance with regulatory requirements.

Risk Assessment & Reporting:

 Conduct regular risk assessments to identify and mitigate data protection risks across university processes and systems.

 Prepare and present regular compliance reports to management, highlighting any risks or non-compliance issues.

 Audits & Inspections:

 Perform scheduled audits and inspections of data controllers and processors within the university to ensure adherence to data protection laws and internal policies.

 Implement corrective actions and recommendations based on audit findings.

Data Processing Activities Oversight:

 Evaluate and monitor all data processing activities within the university, ensuring lawful and ethical practices.

 Maintain records of processing activities as required by regulations.

Privacy Impact Assessments (PIAs):

 Conduct Data Protection Impact Assessments (DPIAs) for high-risk data processing activities, documenting findings and recommending mitigating measures.

Continuous Improvement & Compliance:

 Stay abreast of developments in data protection laws and best practices, updating policies and procedures accordingly.

 Drive a culture of continuous improvement in data protection compliance across the university.


Minimum Requirements:

 Bachelor’s degree in Information Communication Technology, Data Science, Computer Science, Law or an equivalent from a recognized and accredited institution;

 Minimum of three (3) years of experience in a similar or related position.

 Work experience in data protection and legal compliance is an added advantage.

 Systems Audit certification from a recognized and accredited institution; and

 Hold at least one Data Protection or Privacy certification.

Competencies and Attributes

 Knowledge of higher education processes and practices

 Proficient knowledge of data processing and computer applications

 Solid knowledge of GDPR and the Kenyan data protection laws

 Knowledge of data processing operations in the education sector is preferrable

 Familiarity with computer security systems

 Proficiency with software for preparing reports and presentations.

 Ethical, with the ability to remain impartial and report all noncompliance  noncompliance

 Organizational skills with attention to detail

 Excellent communication skills

 Ability to handle confidential information

How To Apply

Are you qualified for this position and interested in working with us? We would like to hear from you. Kindly send us a copy of your updated resume and letter of application (ONLY) quoting “DATA PROTECTION OFFICER” on the subject line to recruitment@strathmore.edu by 28th May 2024.