Job Purpose
RKJMS is seeking a competent and detail-oriented Data Protection Officer (DPO) to lead and coordinate compliance with the Kenya Data Protection Act, 2019 and related regulations.
The role is responsible for embedding a strong data protection culture across the organization, safeguarding personal data, managing data subject rights, overseeing privacy risks, and enhancing client trust through transparent and professional engagement.
Key Responsibilities
Data Protection Compliance & Governance
Implement and oversee data protection policies, procedures, and frameworks.
Advise management on lawful data processing, consent, retention, and data sharing.
Maintain compliance registers, logs, and documentation.
Data Subject Rights & Client Relations
Act as the primary contact for privacy queries and complaints.
Manage data subject requests (access, correction, restriction, etc.) within legal timelines.
Maintain records of requests and improve client experience through insights.
Privacy & Transparency
Oversee privacy notices and ensure regulatory compliance.
Support consent management and documentation across departments.
Privacy by Design & DPIAs
Integrate privacy considerations into projects and systems.
Conduct Data Protection Impact Assessments (DPIAs) for high-risk activities.
Incident & Breach Management
Lead investigation and response to data breaches.
Coordinate mitigation actions and regulatory notifications where required.
Vendor & Third-Party Management
Assess and monitor vendor compliance with data protection requirements.
Ensure contracts include appropriate data protection clauses.
Training & Awareness
Develop and deliver staff training programs on data protection and confidentiality.
Promote a culture of privacy and compliance across the organization.
Monitoring, Audit & Reporting
Conduct compliance audits and track corrective actions.
Report on data protection KPIs and risk areas to management.
Minimum Requirements
Education & Professional Qualifications
Bachelor's degree in a relevant field.
Professional certification or training in Data Protection/Privacy.
Additional certification in compliance, risk, or information security is an added advantage.
Experience
At least 2 years' experience in data protection, compliance, legal, risk, or related fields.
Experience handling data subject requests and privacy incidents.
Experience in healthcare or regulated environments is an added advantage.
Key Competencies
Strong knowledge of data protection laws and practical application.
High integrity and confidentiality.
Excellent communication and client handling skills.
Strong analytical and investigative ability.
Good documentation and reporting skills.
Ability to influence and coordinate across departments.