Data Protection & Compliance Officer at Kenya Airways

Purpose

The role holder will support the Company Secretary & Director Legal & Compliance in establishing and maintaining a robust and effective compliance framework. The data protection and compliance officer will play a pivotal role in the implementation of the data protection framework which has been designed for the company and will ensure the effective management of Kenya Airways’ data processes and subjects in compliance with the Personal Data Protection Regulations of Kenya and GDPR. The company expects that the Data Protection & Compliance Officer will adopt the highest standards of compliance and governance in line with best practice, laws, regulatory and internal policy standards.

Responsibilities

Compliance Management

• Support implementation of a compliance management framework and a compliance system to ensure compliance with industry regulations and internal policies covering the global operation.
• Keep abreast of regulatory developments within or outside of the company as well as evolving best practices in compliance control.
• Review compliance policies and procedures on a regular basis to ensure they comply with statutory and regulatory requirements.

Implementation of the Data Protection Framework

• Implement a comprehensive enterprise-wide data protection program in line with essential elements of the Kenya Data Protection Regulations & GDPR such as principles of data processing, data subjects’ rights, privacy by design, records of processing activities, security of processing, breach escalation & records management.
• Implement the draft data protection policies and contract templates to remediate existing gaps with regards to data protection in Kenya Airways processes and ensure alignment with global standards (e.g., GDPR).
• Maintain records of all data assets and exports in conjunction with the relevant internal stakeholders.
• Identify and evaluate Kenya Airways’ data processing activities.
• Coordinate Data Protection Impact Assessments (DPIAs)
• Monitor data protection procedures and compliance within the Kenya Airway’s global operations.

Data Breach Response Plan

• Implement a data breach response plan and coordinate the activities of the plan.
• Ensure timely remediation of incidents, including impact assessments, breach response, complaints, investigations, management, reporting claims or notifications, and responding to subject access requests (SARs) within statutory requirements.
• Maintain the personal data breach log of the company.
• Report data breaches to the Office of the Data protection commissioner of Kenya as provided for in the Data Protection Regulations as we as any other global structures.

Stakeholder Management.

• Act as point of contact with the office of the Data Protection Commissioner, other supervisory authorities, internal and external stakeholders.
• Coordinate and maintain relationships with various internal & external stakeholders including regulators for information sourcing, communication and achievement of timely actions as required.
• Liaise with regulators and external networks on best practice and updates on data protection regulations and ensure that these are embedded within the company.
• Collaborate with risk champions and internal audit to remedy control lapses/gaps.

Reporting

• Prepare and provide standard and ad-hoc information and data reports on compliance with data protection regulations to the leadership of the company.
• Provide relevant periodic reports to the Office of the Data Protection Commissioner of Kenya.
• Provide regular status updates to management and draw immediate attention to compliance exposures for remedial action.

Training

• Support the implementation of the compliance and data protection training and awareness calendar, to ensure that knowledge gaps are eliminated, and critical knowledge requirements are disseminated to staff on an ongoing basis.
• Coordinate development of training content and setup of training sessions.
• Build capacity of risk & compliance champions across the institution.

Skills

• Regulatory Deep-Dive: Comprehensive knowledge of national and international data protection laws.
• Technical Literacy: Ability to understand data architecture, encryption standards, and cloud security protocols.
• Influence & Communication: Ability to translate complex legal requirements into actionable business processes for C-suite stakeholders.
• Risk management: Knowledge of implementing data protection & privacy frameworks, internal controls and risk assessment data protection & privacy methodologies, policies and systems.
• Strategic, creative, and analytical thinker.

Qualifications

• Bachelor’s degree in law or IT related field.
• General Data Protection Regulation (GDPR) Certification.
• Certification or knowledge in Data/Information Privacy – demonstrates the ability to run a privacy program.
• Sound knowledge of Kenya Data Protection Act & Regulations (KDPA) as well as global regulations.
• Tech Savvy and excellent analysis skills.
• Report and presentation skills.
• Master’s degree in law, IT, Business or related fields is added advantage.
• Member of Data Protection & Privacy Associations, Bodies or Societies.
• Knowledge & practical implementation of a Data Protection Framework Management Program (PDMP) or Framework (PDMF).
• Knowledge of local and global Regulatory Compliance requirements including Kenya Data Protection Act (KDPA) and Regulations, Regional Regulations and GDPR.
• Minimum 5 years of practical experience in data protection and preferably in handling complex data privacy in regulated or busy commercial environment, implementing controls with demonstrable senior management or leadership.
• Proven track record of managing privacy programs across multiple geographies or a "Group" structure.
• Engagement with Data Protection Regulators including Office of the Data Protection Commission (ODPC) Kenya, as well as regional and international Data Protection Regulators.
• Experience developing and implementing data protection & privacy frameworks and guidelines.
• Standardization of compliance & governance structures in line with Data Protection Commission requirements and multi jurisdictions legislations and regulations.
• Sound knowledge of Kenya Data Protection Regulations & GDPR is essential.
• Experience in aviation/regulated or busy commercial environment on other key national, international compliance standards, legislations, and regulations.

Additional Information

• Ethics, Integrity & Honesty.
• Good stakeholder management skills.
• Excellent planning and organization skills.
• Emotional Intelligence with excellent communication skills
• Self-drive & Environmental awareness.