The DPO will ensure that all personal data relating to guests, employees, suppliers, and partners is processed in full compliance with regional data protection laws and international standards.
The ideal candidate is a compliance expert with excellent stakeholder management skills, and a proven ability to implement practical, organization-wide data protection frameworks.
Key Responsibilities
Ensure all business units comply with the Kenya DPA (2019), Tanzanian PDPA (2022), Rwandan Law No. 058/2021, and applicable international data protection standards.
Lead and support Data Protection Impact Assessments (DPIAs) for new guest management systems, booking platforms, digital tools, loyalty programs, and high-risk data processing activities.
Develop, implement, and enforce data protection policies, SOPs, and privacy guidelines tailored to hospitality operations such as guest check-ins, reservations, CCTV, payments, and marketing.
Oversee data subject rights requests (DSARs) from guests, employees, and partners, ensuring timely, secure, and legally compliant responses.
Serve as the primary liaison with ODPC, PDPC, NCSA, and other regulators, coordinating audits, inspections, and compliance submissions.
Lead data breach incident response, assessing impact, notifying regulators and affected individuals, and driving corrective actions.
Maintain and update Records of Processing Activities (ROPA) and data flow maps for all hotel systems, departments, and third-party service providers (e.g., PMS, POS, CRM, and booking engines).
Deliver data privacy training and awareness programs to hotel staff, front-office teams, reservations, marketing, HR, and management to embed a strong culture of data protection.
Key Qualifications.
Bachelor's degree in Law, Information Security, Computer Science, or a related field; specialized training or a postgraduate qualification in Data Protection is an added advantage.
Experience in data protection, compliance, information security, or regulatory roles, preferably within the hospitality, travel, or service industry.
Strong understanding of regional data protection laws (Kenya DPA, Tanzanian PDPA, Rwandan Law No. 058/2021) and international frameworks such as GDPR and ISO 27701.
Demonstrated experience conducting DPIAs, managing DSARs, and driving data privacy programs in operational environments.
Knowledge of hospitality systems (PMS, POS, booking engines, CRM platforms) and data flows within hotel and guest service operations is highly desirable.
Strong risk management, analytical, and documentation skills with the ability to interpret legal requirements into practical operational controls.
Excellent communication, training, and stakeholder engagement skills, capable of working with multi-functional teams across different countries.