The Data Protection Officer (DPO), will be responsible for ensuring compliance with data protection regulations, developing and implementing data protection policies and procedures, and serving as the point of contact for data subjects and regulatory authorities regarding data protection matters. The DPO will work closely with internal stakeholders to promote a culture of data privacy and security within Kenya Red Cross Society.
Duties and Responsibilities

• Develop, implement, and maintain a comprehensive data protection program aligned with the Data Protection Act, 2019, and other relevant regulations.
• Conduct regular gap analysis to identify and address any shortcomings in KRCS data protection practices.
• Draft and implement data protection policies and procedures covering data collection, storage, access, sharing, retention, and disposal.
• Oversee the implementation of technical and organizational measures to safeguard data from unauthorized access, disclosure, alteration, or destruction.
• Manage data subject access requests (DSARs) and ensure timely responses within legal timeframes.
• Collaborate with internal departments (IT, HR, Legal) to raise awareness of data protection principles and best practices.  
• Provide training and guidance to staff on their data protection responsibilities.
• Act as the primary point of contact for data protection inquiries from internal stakeholders and external regulators.
• Conduct Data Protection and Impact Assessment (DPIA) and maintain comprehensive records of data processing activities.
• Report on data protection activities and compliance status to senior management.

Desired Competencies

• Understanding of data protection regulations: In-depth knowledge of relevant data protection laws like the Kenyan Data Protection Act, 2019, and the EU General Data Protection Regulation (GDPR) if applicable
• Data security expertise: Familiarity with data security best practices, including encryption, access controls, and incident response procedures.
• Knowledge of IT systems: Understanding of data storage mechanisms, data flow within the organization, and potential vulnerabilities.
• Analytical and problem-solving skills: Ability to identify data protection risks, assess their impact, and develop effective mitigation strategies.
• Communication skills: Excellent written and verbal communication skills to explain complex data protection concepts to both technical and non-technical audiences.
• Proactive approach: Continuously monitoring the data protection landscape and keeping abreast of evolving regulations and best practices.
• Experience in data breach management: Understanding the process of identifying, containing, and reporting data breaches

Minimum Qualifications

• Bachelor's degree in law, Information Technology, or a related field.
• Certified Information Privacy Professional (CIPP) or equivalent data protection qualification.
• Minimum of (3) years of experience in data protection. Strong understanding of the Data Protection Act, 2019, and other relevant data protection regulations.