Data Protection Officer
Description
Job Purpose

RKJMS is seeking a competent and detail-oriented Data Protection Officer (DPO) to lead and coordinate compliance with the Kenya Data Protection Act, 2019 and related regulations. The role is responsible for embedding a strong data protection culture across the organization, safeguarding personal data, managing data subject rights, overseeing risks, and enhancing client trust through transparent and professional engagement.

Key Responsibilities

Data Protection Compliance & Governance
Implement and oversee data protection policies, procedures, and frameworks.
Advise management on lawful data processing, consent, retention, and data sharing.
Maintain compliance registers, logs, and documentation.

Data Subject Rights & Client Relations
Act as the primary contact for queries and complaints.
Manage data subject requests (access, correction, restriction, etc.) within legal timelines.
Maintain records of requests and improve client experience through insights.

& Transparency
Oversee notices and ensure regulatory compliance.
Support consent management and documentation across departments.

by Design & DPIAs
Integrate considerations into projects and systems.
Conduct Data Protection Impact Assessments (DPIAs) for high-risk activities.

Incident & Breach Management
Lead investigation and response to data breaches.
Coordinate mitigation actions and regulatory notifications where required.

Vendor & Third-Party Management
Assess and monitor vendor compliance with data protection requirements.
Ensure contracts include appropriate data protection clauses.

Training & Awareness
Develop and deliver staff training programs on data protection and confidentiality.
Promote a culture of and compliance across the organization.

Monitoring, Audit & Reporting
Conduct compliance audits and track corrective actions.
Report on data protection KPIs and risk areas to management.

Minimum Requirements

Education & Professional Qualifications
Bachelor’s degree in a relevant field.
Professional certification or training in Data Protection/.
Additional certification in compliance, risk, or information security is an added advantage.

Experience
At least 2 years’ experience in data protection, compliance, legal, risk, or related fields.
Experience handling data subject requests and incidents.
Experience in healthcare or regulated environments is an added advantage.

Key Competencies
Strong knowledge of data protection laws and practical application.
High integrity and confidentiality.
Excellent communication and client handling skills.
Strong analytical and investigative ability.
Good documentation and reporting skills.
Ability to influence and coordinate across departments.
Skills