Kenya Commercial Bank Limited is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016. The holding company oversees KCB Kenya - incorporated with effect from January 1, 2016 - and all KCB's regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia and South Sudan. It als...
Act as the primary point of contact within the Bank for data privacy issues for members of staff, regulators, and any relevant data protection authorities.
Ensure the Bank’s policy is in accordance with the Data Protection Act, 2019.
Evaluate the existing data protection framework, identify areas of non-compliance or partial compliance, and resolve any issues.
Conduct regular assessments to ensure the Bank’s compliance with the data protection laws.
Will be responsible for devising training plans and providing training to staff regarding data protection compliance for those who are involved in processing sensitive personal data and personal data to raise levels of awareness of data protection issues throughout the business. He/she will also provide data protection advice and support to members of staff.
Be proactive in horizon scanning for proposed and actual changes to data protection laws and guidance to ensure awareness of changes in the regulatory environment, and to advise the business on how to be market-leading in its data protection strategy.
Review and advise the business teams in relation to data subject access requests and support the teams to provide responses. Advise the business teams on any matters in relation to data protection compliance.
Always evaluate the Bank’s data processing activities and keep the Bank’s data processing inventory updated.
Take ownership of data protection documentation and reporting requirements, including records of processing activities, data protection impact assessments, data incident records and data breach reporting, and conduct periodic compliance assessments of these.
Serving as the contact point for data subjects on privacy matters, including DSARs (data subject access requests).
Performing regular data privacy assessments to ensure compliance and proactively address potential issues.
Evaluate the Bank’s data processing activities and keep the Bank’s data processing inventory updated at all times.
Responding to data subjects about how their personal data is utilized and measures the Bank has put in place to protect their data.
Conduct training and deepen data protection awareness across the Bank.
Skills & Experience:
Bachelor’s Degree in Information Technology, Legal, Risk Management or a business-related field from a recognised university.
Professional Certification in CISA, CISM, CRISC, CDPSE or CIPP/CIPM.
At least 6-8 years’ working experience within risk management, internal audit, compliance, 4 of which should be in Data Privacy laws within the region and/or EU Data Privacy laws.
Risk, Compliance or Legal function, with recent experience in privacy compliance.