Job Purpose

• RKJMS is seeking a competent and detail-oriented Data Protection Officer (DPO) to lead and coordinate compliance with the Kenya Data Protection Act, 2019 and related regulations.
• The role is responsible for embedding a strong data protection culture across the organization, safeguarding personal data, managing data subject rights, overseeing privacy risks, and enhancing client trust through transparent and professional engagement.

Key Responsibilities

• Data Protection Compliance & Governance
• Implement and oversee data protection policies, procedures, and frameworks.
• Advise management on lawful data processing, consent, retention, and data sharing.
• Maintain compliance registers, logs, and documentation.
• Data Subject Rights & Client Relations
• Act as the primary contact for privacy queries and complaints.
• Manage data subject requests (access, correction, restriction, etc.) within legal timelines.
• Maintain records of requests and improve client experience through insights.
• Privacy & Transparency
• Oversee privacy notices and ensure regulatory compliance.
• Support consent management and documentation across departments.
• Privacy by Design & DPIAs
• Integrate privacy considerations into projects and systems.
• Conduct Data Protection Impact Assessments (DPIAs) for high-risk activities.
• Incident & Breach Management
• Lead investigation and response to data breaches.
• Coordinate mitigation actions and regulatory notifications where required.
• Vendor & Third-Party Management
• Assess and monitor vendor compliance with data protection requirements.
• Ensure contracts include appropriate data protection clauses.
• Training & Awareness
• Develop and deliver staff training programs on data protection and confidentiality.
• Promote a culture of privacy and compliance across the organization.
• Monitoring, Audit & Reporting
• Conduct compliance audits and track corrective actions.
• Report on data protection KPIs and risk areas to management.

Minimum Requirements

Education & Professional Qualifications

• Bachelor’s degree in a relevant field.
• Professional certification or training in Data Protection/Privacy.
• Additional certification in compliance, risk, or information security is an added advantage.

Experience

• At least 2 years’ experience in data protection, compliance, legal, risk, or related fields.
• Experience handling data subject requests and privacy incidents.
• Experience in healthcare or regulated environments is an added advantage.

Key Competencies

• Strong knowledge of data protection laws and practical application.
• High integrity and confidentiality.
• Excellent communication and client handling skills.
• Strong analytical and investigative ability.
• Good documentation and reporting skills.
• Ability to influence and coordinate across departments.