Data Protection Officer at Equity Bank Tanzania
Job Title: Data Protection Officer
Department/ Division: Compliance
Job Grade: Assistant Manager
Reports to: Head of Compliance
Job Purpose:
The Bank Data Protection Officer will be responsible for overseeing the data protection strategy and its implementation to ensure compliance with various Data Protection Laws across the different jurisdictions in which Equity Group Holdings Plc and its subsidiaries (Equity) operate. The role will work closely with the leadership of the IT Security, Data & Analytics, Legal, Risk and Compliance, and Business functions.
Job Responsibilities/ Accountabilities:
- Implementing measures and a privacy governance framework to manage data handling and use in compliance with all the relevant privacy laws that Equity must be compliant with across the region.
- To prepare and submit quarterly reports on the compliance of the Act to the Commission.
- To provide information on violations of the provisions of the Act or these Regulations committed in the processing by the data controller or data processor and advise rectification measures.
- Collaborating with key internal stakeholders in the review of projects to ensure compliance with both local & international data privacy laws, and where necessary, complete and advise on privacy impact assessments.
- Serving as the primary point of contact and liaison for the Data Commission Office and other Data Protection Authorities within the jurisdictions that Equity operates in.
- Serving as the primary point of contact for queries in the business regarding data Protection and Privacy
- Reviewing Equity vendor contracts and consents needed to implement projects in partnership with the Legal and Information Security functions, and ensuring filing requirements with local regulators are achieved.
- Ensure fulfilment of data Subject rights arising from the various touch points Equity has with the customer.
- Developing policies, standards and procedures that align to the requirements set out in the EU General Data Protection Regulation (GDPR), Data Protection Act, and Regulation 2023 and any localization requirements in countries of operation.
- Collaborating with the Information Security and Data Governance functions to raise employee awareness of data privacy and security issues and providing training on the subject matter across the bank.
- Monitoring performance and providing advice on the impact of data protection efforts across Equity
- Maintaining comprehensive records of all data processing activities conducted by Equity, including the purpose of all processing activities, which must be made public on request.
- Interfacing with Equity customers to inform them about how their data is being used, their Rights and what measures the organization has put in place to protect their personal information.
- Collaborating with the Information Security and Legal functions to maintain records of all data assets, ensure data classification and maintaining a data security incident management plan to ensure timely remediation of incidents, security breaches, complaints, and claims.
- Identify and evaluate Equity’s data processing activities.
- Provide guidance and instruction on how to conduct Data Protection Impact Assessments (DPIAs)
- Monitor data management procedures and compliance within Equity
- Participate in meetings with managers to ensure privacy by design at all levels.
- Ensure Equity addresses all queries from data subjects within legal timeframes (e.g. delete their information from our databases, update their personal information etc.)
- Consult with other organisations that process data on behalf of Equity.
- Write and update detailed guides on data protection policies.
- Perform audits and determine whether we need to alter our procedures to comply with regulations.
- Offer consultation on how to deal with data privacy breaches.
- Arrange for training on GDPR, Data Protection Act, Data Protection Regulation and other local laws on data protection to ensure compliance for employees
- Facilitate capacity building of staff involved in data processing operations.
- Follow up with changes in law and issue recommendations to ensure compliance.
KEY COMPETENCIES
- Lead from the front
- Strong analytical skills
- Adaptability
- Excellent and effective communications skills, both orally and in writing
- Reliability
- Be efficient and effective in problem solving.
- Self-starter and initiative
- Planning and organization
REQUIREMENTS
- At least 2 years banking experience
- A legal, Compliance, IT Security, Data Governance or Audit background
- Expert knowledge and in-depth understanding of data privacy legislation (including GDPR) and local data protection laws.
- Experience in managing data incidents and breaches.
- Knowledge of cybersecurity risks and information security standards
- Knowledge of computer security systems
- Good understanding of the data processing operations conducted, as well as the information systems, and data security and data protection needs of the controller (Equity)
- Ability to make good judgments regarding data privacy risks and to prioritize resources and activity around managing those risks.
- Able to conduct the role independently and with integrity and high professional ethics.
- Ability to plan, organize and prioritize tasks and projects.
- Good personal communication skills capable of dealing with wide range of stakeholders, including senior management.
- Proven ability to establish and maintain a high degree of confidentiality, respect, trust and credibility at all levels.
- Knowledge of data processing operations in the banking sector
OTHER SKILLS AND ABILITIES
- Have effective communication skills to address customer phone calls and email inquiries.
- High personal standards and goal oriented
- Willing to learn how to navigate new software systems and attend training.
- Excellent communications skills, good listener, team player, positive attitude is necessary.
- Able to keep a good relationship with customers. Flexible and cooperative
- Able to work under pressure, tolerate stress and be quality orientated.
- Ability to conduct integrations through completion of System Integration Testing and User Acceptance Testing
- Ability to work with diverse teams and various stakeholders to accomplish tasks in heterogeneous 24 by 7 high-availability operations environments, with significant levels of direct customer interaction.
How to Apply:
If you believe you can clearly demonstrate your abilities to meet the criteria given above, please submit your application quoting the Job reference and title in the subject field to: [email protected]
Deadline: 24th February 2024