• The DPO will ensure that all personal data relating to guests, employees, suppliers, and partners is processed in full compliance with regional data protection laws and international standards.
• The ideal candidate is a compliance expert with excellent stakeholder management skills, and a proven ability to implement practical, organization-wide data protection frameworks.

Key Responsibilities

• Ensure all business units comply with the Kenya DPA (2019), Tanzanian PDPA (2022), Rwandan Law No. 058/2021, and applicable international data protection standards.
• Lead and support Data Protection Impact Assessments (DPIAs) for new guest management systems, booking platforms, digital tools, loyalty programs, and high-risk data processing activities.
• Develop, implement, and enforce data protection policies, SOPs, and privacy guidelines tailored to hospitality operations such as guest check-ins, reservations, CCTV, payments, and marketing.
• Oversee data subject rights requests (DSARs) from guests, employees, and partners, ensuring timely, secure, and legally compliant responses.
• Serve as the primary liaison with ODPC, PDPC, NCSA, and other regulators, coordinating audits, inspections, and compliance submissions.
• Lead data breach incident response, assessing impact, notifying regulators and affected individuals, and driving corrective actions.
• Maintain and update Records of Processing Activities (ROPA) and data flow maps for all hotel systems, departments, and third-party service providers (e.g., PMS, POS, CRM, and booking engines).
• Deliver data privacy training and awareness programs to hotel staff, front-office teams, reservations, marketing, HR, and management to embed a strong culture of data protection.

Key Qualifications.

• Bachelor’s degree in Law, Information Security, Computer Science, or a related field; specialized training or a postgraduate qualification in Data Protection is an added advantage.
• Experience in data protection, compliance, information security, or regulatory roles, preferably within the hospitality, travel, or service industry.
• Strong understanding of regional data protection laws (Kenya DPA, Tanzanian PDPA, Rwandan Law No. 058/2021) and international frameworks such as GDPR and ISO 27701.
• Demonstrated experience conducting DPIAs, managing DSARs, and driving data privacy programs in operational environments.
• Knowledge of hospitality systems (PMS, POS, booking engines, CRM platforms) and data flows within hotel and guest service operations is highly desirable.
• Strong risk management, analytical, and documentation skills with the ability to interpret legal requirements into practical operational controls.
• Excellent communication, training, and stakeholder engagement skills, capable of working with multi-functional teams across different countries.