Role Overview
The Data Protection Officer will work closely with the Compliance, Risk, and IT functions to develop, implement, and monitor data protection policies, standards, and governance frameworks applicable to the business in compliance with the Data Protection Act. The role involves monitoring internal compliance and data processing practices to ensure that the business, its subsidiaries, and all functions comply with applicable data protection and privacy requirements. The officer will also be responsible for staff training, oversight of Data Protection Impact Assessments (DPIAs), and acting as the primary contact point for the Office of the Data Protection Commissioner (ODPC).
Key Responsibilities
- Establish and maintain the organization’s data protection governance framework, including implementation roadmaps, policies, and standardized templates.
- Provide advisory support to business units on the implementation of data protection requirements, ensuring compliance with the Data Protection Act, CAP 411C.
- Embed privacy principles across processes, systems, and digital platforms.
- Develop and maintain the Records of Processing Activities (ROPA) and related documentation, ensuring audit readiness.
- Design and deliver data protection training programs to ensure continuous staff awareness.
- Conduct and review Data Protection Impact Assessments (DPIAs) for new and high-risk processing activities.
- Perform periodic compliance reviews and audits to assess adherence to internal policies and regulatory requirements.
- Collaborate with IT to ensure effective data protection and security controls, including incident management frameworks.
- Oversee and coordinate data breach and incident response processes, including containment, investigation, and regulatory notification.
- Manage data subject rights requests (access, rectification, objection, restriction, and deletion) within statutory timelines.
- Serve as the primary liaison with the Office of the Data Protection Commissioner (ODPC) and other relevant stakeholders.
- Monitor regulatory developments, industry trends, and best practices in data protection.
- Prepare and submit periodic and annual reports to senior management, Board committees, and the ODPC.
Qualifications and Experience
- Academic: Bachelor’s degree in Law, Information Technology, Computer Science, Information Systems, or a related discipline from a recognized institution.
- Professional Certification: Mandatory certification in Data Protection and Privacy (e.g., CIPP/E, CIPP/IT, CISSP, CISA, or CISM).
- Experience: Minimum of 5 years’ relevant experience in compliance, risk, legal, audit, or information governance within financial services (preferably insurance or banking).
- Specific Experience: Demonstrated experience in conducting or supporting at least one Data Protection Impact Assessment (DPIA).
- Preferred Experience: Experience engaging with regulators, auditors, or supervisory authorities and exposure to insurance operations (claims, underwriting, or medical data).
Skills and Attributes
- Strong expertise in data protection law, regulatory compliance, and privacy governance.
- Excellent understanding of insurance operations and data lifecycle management.
- High level of integrity, independence, and professional judgment.
- Excellent communication, stakeholder engagement, and training capability.
- Strong analytical, risk assessment, and project management skills.
- Proficiency in relevant software and systems, including GRC (governance, risk, and compliance) platforms.
- Ability to manage competing priorities under tight timelines with high attention to detail.
How to Apply
Application letters and a copy of your current CV (combined into one document), including the names and addresses of three referees, should be sent by email to hr@tausiassurance.com.