Data Protection & Compliance Officer at Kenya Airways

Purpose

The role holder will support the Company Secretary & Director Legal & Compliance in establishing and maintaining a robust and effective compliance framework. The data protection and compliance officer will play a pivotal role in the implementation of the data protection framework which has been designed for the company and will ensure the effective management of Kenya Airways' data processes and subjects in compliance with the Personal Data Protection Regulations of Kenya and GDPR. The company expects that the Data Protection & Compliance Officer will adopt the highest standards of compliance and governance in line with best practice, laws, regulatory and internal policy standards.

Responsibilities

Compliance Management


Support implementation of a compliance management framework and a compliance system to ensure compliance with industry regulations and internal policies covering the global operation.
Keep abreast of regulatory developments within or outside of the company as well as evolving best practices in compliance control.
Review compliance policies and procedures on a regular basis to ensure they comply with statutory and regulatory requirements.


Implementation of the Data Protection Framework


Implement a comprehensive enterprise-wide data protection program in line with essential elements of the Kenya Data Protection Regulations & GDPR such as principles of data processing, data subjects' rights, privacy by design, records of processing activities, security of processing, breach escalation & records management.
Implement the draft data protection policies and contract templates to remediate existing gaps with regards to data protection in Kenya Airways processes and ensure alignment with global standards (e.g., GDPR).
Maintain records of all data assets and exports in conjunction with the relevant internal stakeholders.
Identify and evaluate Kenya Airways' data processing activities.
Coordinate Data Protection Impact Assessments (DPIAs)
Monitor data protection procedures and compliance within the Kenya Airway's global operations.


Data Breach Response Plan


Implement a data breach response plan and coordinate the activities of the plan.
Ensure timely remediation of incidents, including impact assessments, breach response, complaints management, claims or notifications, and responding to subject access requests (SARs).
Maintain the personal data breach log of the company.
Report data breaches to the Office of the Data protection commissioner of Kenya as provided for in the Data Protection Regulations as we as any other global structures.


Stakeholder Management.


Act as point of contact with the office of the Data Protection Commissioner, other supervisory authorities, internal and external stakeholders.
Coordinate and maintain relationships with various internal & external stakeholders including regulators for information sourcing, communication and achievement of timely actions as required.
Liaise with regulators and external networks on best practice and updates on data protection regulations and ensure that these are embedded within the company.
Collaborate with risk champions and internal audit to remedy control lapses/gaps.


Reporting


Prepare and provide standard and ad-hoc information and data reports on compliance with data protection regulations to the leadership of the company.
Provide relevant periodic reports to the Office of the Data Protection Commissioner of Kenya.
Provide regular status updates to management and draw immediate attention to compliance exposures for remedial action.


Training


Support the implementation of the compliance and data protection training and awareness calendar, to ensure that knowledge gaps are eliminated, and critical knowledge requirements are disseminated to staff on an ongoing basis.
Coordinate development of training content and setup of training sessions.
Build capacity of risk & compliance champions across the institution.


Any other assignments as delegated by the Departmental Director.

Skills


Knowledge of internal controls and risk assessment methodologies, policies and systems
Knowledge of regulatory compliance requirements
Knowledge of relevant Aviation and other key National and International Compliance Standards, legislations, and regulations
Strategic, creative, and analytical thinker
Tech Savvy and good analysis skills
Report Writing


Qualifications


Bachelor's Degree in business, law or related fields.
Qualifications in data protection would be beneficial but is not essential
Minimum 5 years of experience implementing controls.
Experience implementing data protection guidelines is essential.
Sound knowledge of Kenya Data Protection Regulations & GDPR is essential.