Data Protection Officer (DPO) at Tausi Assurance Company

--Powermax General Electrical Merchants Ltd--

Job Description

The bearer of the role will work closely with the Compliance, Risk, and IT functions to develop, implement, and monitor data protection policies, standards, and governance frameworks applicable to the business in compliance with the Data Protection

The Data Protection Officer will monitor internal compliance and data processing practices to ensure that the business, its subsidiaries, and all functions comply with applicable data protection and privacy requirements.

She/He will be responsible for staff training and oversight of Data Protection Impact Assessments (DPIAs), and will act as the primary contact point for the ODPC and for individuals whose personal data is processed by the organization.

Job Industry

Law/Legal and Development

Job Salary Currency

KES

Job Salary Fixed

No

Key Deliverables

  • Establish and maintain the organization’s data protection governance framework, including the implementation roadmap, policies, and standardized templates for data collection, consent management, and data mapping.
  • Provide advisory support to business units on the implementation of data protection requirements, ensuring compliance with the Data Protection Act, CAP 411C, and embedding privacy principles across processes, systems, and digital platforms.
  • Develop, maintain, and ensure audit readiness of the Records of Processing Activities (ROPA) and related documentation, covering processing purposes, data categories, retention periods, and lawful bases.
  • Design and deliver data protection training programs, ensuring continuous staff awareness in line with regulatory developments and emerging risks.
  • Conduct and review Data Protection Impact Assessments (DPIAs) for new and high-risk processing activities, including products, systems, and digital platforms.
  • Perform periodic compliance reviews and audits to assess adherence to internal policies and regulatory requirements, and drive timely remediation of identified gaps.
  • Collaborate with IT to ensure effective data protection and security controls, including maintenance of data asset registers and implementation of incident management frameworks.
  • Oversee and coordinate data breach and incident response processes, including breach detection, containment, investigation, impact assessment, regulatory notification, communication to affected data subjects, and post-incident remediation.
  • Maintain the company’s personal data breach register.
  • Manage data subject rights requests (including access, rectification, objection, restriction, and deletion), ensuring compliance with statutory timelines and proper documentation of responses.
  • Support the development, review, and implementation of privacy notices across all data collection points, ensuring transparency and compliance.
  • Serve as the primary liaison with the Office of the Data Protection Commissioner (ODPC) and other relevant stakeholders, including regulators, data controllers/processors, and data subjects, during inspections, audits, investigations, and ongoing engagements.
  • Monitor regulatory developments, industry trends, and best practices in data protection, and provide proactive guidance to ensure continuous organizational compliance.
  • Prepare and submit periodic and annual reports, including compliance reports, risk updates, and work plans to senior management, Board committees, and the ODPC.

Professional Qualifications

Industry Qualification

Law/Legal and Development

Academic Qualifications

  • Bachelor’s degree in Law, Information Technology, Computer Science, Information Systems, or a related discipline from a recognized institution.

Professional Qualifications

Certification in Data Protection and Privacy (mandatory), such as:

  • Certified Information Privacy Professional (CIPP/E, CIPP/IT, or equivalent) – IAPP
  • Certified Information Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)

Experience

  • Minimum of 5 years’ relevant experience in compliance, risk, legal, audit, or information governance within financial services (preferably insurance or banking).
  • Demonstrated experience in conducting or supporting at least one Data Protection Impact Assessment (DPIA).
  • Experience engaging with regulators, auditors, or supervisory authorities is highly desirable.
  • Exposure to insurance operations (claims, underwriting, medical data, or fraud systems) will be an added advantage.

Application Process

Close Date

30/04/2026