NBK Data Protection Officer

Key Responsibilities:

• Act as the primary point of contact within the Bank for data privacy issues for members of staff, regulators, and any relevant data protection authorities.
• Ensure the Bank’s policy is in accordance with the Data Protection Act, 2019.
• Evaluate the existing data protection framework and identify areas of non or partial compliance and resolve any issues.
• Conduct regular assessment to ensure the Bank’s compliance with the data protection laws.
• Will be responsible for devising training plans and providing training to staff regarding data protection compliance for those who are involved in processing sensitive personal data and personal data to raise levels of awareness of data protection issues throughout the business. He/she will also provide data protection advice and support to members of staff.
• Be proactive in horizon scanning for proposed and actual changes to data protection laws and guidance to ensure awareness of changes in the regulatory environment, and to advise the business on how to be market-leading in its data protection strategy.
• Review and advise the business teams in relation to data subject access requests and support the teams to provide responses. Advise the business teams on any matters in relation to data protection compliance.
• Promote a culture of data protection compliance across all units of the Bank and conduct periodic audits to ensure data privacy processes are being followed.
• Always evaluate the Bank’s data processing activities and keep the Bank’s data processing inventory updated. 
• Take ownership of data protection documentation and reporting requirements, including records of processing activities, data protection impact assessments, data incident records and data breach reporting, and conduct periodic compliance assessments of these.
• Serving as the contact point for data subjects on privacy matters, including DSARs (data subject access requests).
• Performing regular data privacy assessments to ensure compliance and proactively address potential issues 
• Evaluate the Bank’s data processing activities and keep the Bank’s data processing inventory updated at all times. 
• Responding to data subjects about how their personal data is utilized and measures the Bank has put in place to protect their data.
• Conduct training and deepen data protection awareness across the bank

Skills & Experience:

• Bachelor’s Degree in Information Technology, Legal, Risk Management or business related field from a recognised university.
• Professional Certification in CISA, CISM, CRISC, CDPSE or; CIPP/CIPM 
• At least 6-8 years’ working experience within risk management, internal audit, compliance, 4 of which should be in Data Privacy laws within the region and/or EU Data Privacy laws.
• Risk, Compliance or Legal function, with recent experience in privacy compliance.
• Conversant with Banking regulatory requirements
• Experience in Branch Operations.
• Expertise in MIS.
• Knowledge of AML/KYC policy
• Analytical skills.
• Excellent report writing skills
• Inter-personal sensitivity.
• Action and result orientation.
• Resilience
• Excellent communication & inter-personal skills
• Good presentation skills
• Good analytical skills

KCB Group is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016. The holding company oversees KCB Kenya – incorporated with effect from January 1, 2016 – and all KCB’s regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia and South Sudan. It also owns KCB Insurance Agency, KCB Capital, KCB Foundation, National Bank of Kenya, and all associated companies. The holding company was set up to among other things to enhance the Group’s capacity to access unrestricted capital and also enable investment in new ventures outside banking regulations, achieve operational and strategic autonomy for the Group’s operating entities and enhance corporate governance across the Group and oversight in the management of subsidiaries. Related documentation:  Group Name Change,   Name Change Certificate,  KCB Advise on Non-Operating Holding Company,  KCB Group Structure,  Kenya Gazette Notice.