Summary

The primary role of the data protection officer (DPO) is to ensure that the organisation processes the personal data of its staff, customers, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules and regulations.

Responsibilities

• Advise the Bank and other Employees on data processing requirements provided under the Data Protection Act or any other written law and facilitate compliance with the Personal Data Protection Act (PDPA).
• Provide advice on data protection impact assessments in terms of collection and processing
• Co-operate with the Data Commissioner and any other authority on matters relating to data protection. Supports the communication and as point of contact for both data subjects (e.g. Customers) and regulatory authorities.
• Manage data transfers across the border – approvals and monitoring
• Develop/draft data protection policies and procedures for Board’s approval
• Ensure that all bank records align to PDPA
• Ensure that all bank systems with personal data adhere to PDPA
• Manage bank’s registration as data collector and processor
• Assess data collection, processing and preparation of a Comprehensive Data Inventory
• Ensure that controllersand data subjects are informed about their data protection rights, obligations and responsibilities and raise awareness about them;
• Respond to Subject Access Requests (SARs) and develop SARs handling policy
• Provide clear and transparent privacy notices
• Regularly review and update data practices
• Review the controls implemented by the business (1st LOD) to inform, advise and issue recommendations to the business with regards to data protection, privacy and compliance, including with data protection requirements and internal policies and guidelines.
• Foster a data protection culture within the bank and help to implement essential elements of the data protection (e.g. principles of data processing, data subjects’ rights, data protection by design and by default, security, data breaches management)
• Advise 1st LOD (controllers/processors) regarding data protection and privacy management requirements and polices (e.g. DPIA (Data protection impact Assessment) process and objectives, safeguard measures to mitigate the risks - technical, organizational and formal – record of processing operations management)
• Promote continuous training to maintain data protection awareness and feedback process
• Offer consultation once a data breach or other incident has occurred and must be involved in relevant issues in a timely manner and report directly to highest management level.
• Attend regular/ongoing data protection, information security and privacy training
• Track Data Protection requirements implementation in respect of:
• Data Protection impact assessments, readiness plan and Privacy notices rollout
• Personal data collection, creation and processing
• Personal data transfers and further processing of personal data
• Record Management
• Data management – CDO
• Direct marketing customer consent
• Privacy related complaints
• Information security
• Incident management
• Breach escalations to Compliance
• Report on implementation progress status (milestones achieved and escalate slippages)
• Testing of adherence to standards and escalation of non-adherence to standards
• Completion of data protection risk profile based on progress status and testing results
• Give advice and recommendations to the bank about the interpretation or application of the data protection rules and regulations;
• Ensure data protection compliance within the bank and help the latter to be  accountable in this respect.

Education and Qualifications

• Bachelors of Laws Degree
• Advocate of the High Court of Tanzania
• ICT will be an added advantage

Requirements

Previous work experience of minimum 5 years in a bank or commercial law firm.

Characteristics

• A structured approach to dealing with complex and variable work environments in an independent manner.
• Ability to balance opposing business requirements.
• Ability to balance long term and short-term requirements independently
• Strong evaluation, communication and reporting skills including well conversant in Microsoft office presentation.
• Able to provide advice and cause/effect evaluation to support business decision making
• Independent and logical thinker, yet an achiever and implementer
• Leads by example
• Good at managing large volumes of information and can add value through management reporting
• Builds relationships and networks easily
• Has a strong service ethic