Data Protection Officer at Jubilee Insurance

Job Ref. No: JLIL 375

Role Purpose

• The purpose of this role is to establish, implement and enforce a robust Data Protection and compliance framework and systems (policies, processes and tools) to ensure that Jubilee Insurance companies are compliant with the Data Protection Act and Regulations.

Main Responsibilities

Strategy

• Collaborate with senior management and other key stakeholders to implement the strategic direction for Data
• Protection Function with the Life Company. This involves analyzing market trends, assessing industry dynamics, and identifying opportunities for improvement and growth.
• Keep abreast of regulatory developments and industry initiatives and advise management accordingly.
• Data Privacy Impact Assessments: Conduct privacy impact assessments for new products, processes, or systems that involve the collection and processing of personal data.
• Data Retention Policies: Develop and enforce data retention policies to ensure data is retained only for the necessary period and in accordance with legal requirements.

Operational

• Establishing the Data Protection Act Governance, regulatory framework and implementation plan which shall include development of the various required statements and policies.
• Evaluate the existing data protection framework to identify areas of no or partial compliance, maintaining a register of all compliance levels and rectify any issues that may arise.
• Guiding the Company, departments, and all support functions on implementation of Data Protection Act requirements and supporting them to ensure compliance with the Act.
• Regularly training of all internal stakeholders involved in data collection/processing, updating the training as well as conducting specific trainings for specific processing requirements.
• Conducting audits to ensure compliance, accountability and address potential issues proactively.
• Serving as the Data Protection Officer and point of contact between the Companies, the Data Commissioner and other Regulatory Authorities through co-operating with them during inspections and by responding to any complaints or queries raised with regards to Data Protection.
• Monitoring performance and adherence to the requirements to relevant regulation while providing advice on the data protection impact assessment. 
• Creating and maintaining a register on comprehensive records of all data processing activities conducted by the company, including the purposes of all processing activities.
• Interfacing with data controllers, data processors and data subjects to inform them about the use of data, the data protection rights, obligations, responsibilities, and measures the company has put in place to protect personal and/or sensitive information and raise awareness on all of the above.
• Advising and recommending the interpretation and/or application of the Data Protection Act or any other written law on data privacy.
• Handling queries or complaints internally or externally regarding data confidentiality and use.
• Providing status updates to the Head of Risk & Compliance, Senior and Middle Management on a regular basis (at least monthly) and drawing immediate attention to any failure to comply with the applicable data protection requirements.
• Creating an Information Base: Guide and support on the creation of an information based on Data Protection and any other elements which may be helpful to the controllers and the staff of the organization.
• Relationship Building: Build a stable professional relationship with data controllers providing advice where necessary and investing time and efforts in showing the benefits of data protection compliance.
• Support the business in preparation of digital and other privacy statements as may be required for the business and ensure processes are put in place for collection of consents from the relevant data subjects and partners
• Ensure the business has relevant privacy statements provided on all company forms and/or literature, websites and other communication or data collection mediums.
• Preparing an annual work programme at the beginning of each year for the upcoming year for the sign-off by the

Head of Risk & Compliance.

• Networking with other Data Protection Officers to share information and keep up with information and emerging trends around data protection as well as following up on change in laws and make recommendations on changes required. 

Corporate Governance

• Compliance: Stay updated on industry regulations, compliance requirements, and best practices.
• Adherence to the laws and regulations of Kenya, the policies and regulations within the insurance industry and all internal company policies and procedures.
• Ensuring compliance with applicable statutory and regulatory requirements and establishing mitigation measures against emerging business risks.
• Implement effective risk management strategies, including appropriate internal controls, to mitigate operational, financial, and regulatory risks.

People & Culture

• Cross-Functional Collaboration: Actively participate in cross-functional project teams to drive collaboration, innovation, and accountability across departments and the Group.
• Employee Collaboration Index: Participate in a minimum of 2 company projects per year with an 80% success rate and engage in at least 1 Group-wide project per year.
• Skills and Competency Development Index: 100% compliance with your training plan annually to support personal and professional growth, ensuring alignment with career paths and future challenges.
• Cultural Alignment Index (CAI): Attain the Company’s CAI target score by embedding Jubilee’s values (e.g., innovation, teamwork, excellence) into project execution and team dynamics.
• Conflict Resolution: Address interpersonal or project-related conflicts constructively, maintaining team morale and focus on shared goals.
• Resource Advocacy: Communicate needs (e.g., tools, training, support) to supervisors to ensure personal and team success

Jubilee Life Brand

• Uphold the Company’s brand integrity by ensuring responsible data governance and compliance with data protection requirements.

Key Competencies

• In-depth knowledge of life insurance regulations and industry practices.
• Strong understanding of AML, KYC integrity, and Data Privacy requirements.
• Analytical and problem-solving skills to assess and address compliance risks.
• Excellent communication and interpersonal skills to educate and advise stakeholders.
• Ability to collaborate effectively with cross-functional teams.
• Detail-oriented with strong organizational and time management abilities.
• Proactive approach to staying updated on regulatory developments.
• Leadership and influencing skills to drive data protection compliance initiatives across the organization.

Academic Background & Relevant Qualifications

• Bachelor’s degree in law or any other related Degree.
• Advanced degree or professional certifications in Data Protection.
• Minimum 3-4 years’ experience within the data protection sector, risk management and compliance space.
• In-depth knowledge of life insurance industry.
• Proven track record of successfully implementing strategic initiatives and driving process improvements.