Data Protection Officer

About the job
Summary:

The Data Protection Officer is a required appointment in line with the Nigeria Data Protection Regulation and has specific responsibilities for the protection of the personal data of data subjects. The Data Protection Officer has the authority to:

Take decisions regarding data subjects allowable under the relevant data protection legislation
Represent the organisation to supervisory authorities with regard to data protection issues
Represent the organisation to clients with regard to data protection issues.

Responsibilities:

1. Advise the organisation on compliance with applicable data protection legislation in Nigeria including but not limited to the Nigeria Data Protection Regulation (NDPR), the NITDA Act, the NDPR Data Protection Implementation Framework, etc.

2. Liaise with the different functions of the organization that have responsibilities involving the processing of Personal Data of employees, vendors, clients, and other Data Subjects.

3. The Data Protection Officer (DPO) shall be on the lookout for updates and changes to the provisions of relevant data protection legislation so as to effect these changes in the organisation’s policies and processes and also proffer accurate advice where necessary.

4. Work with the appointed Data Protection Compliance Organisation (DPCO) in ensuring that that the organization duly complies with data protection legislation particularly in the timely filing of the Annual Data Protection Compliance Audit Report for the organization on or before the 15th of March every year (or other extended deadline).

5. Collaborate and coordinate relevant personnel of the organization in the event of a disaster that affects the organization’s systems and database so as to mitigate the effect of such disaster to the greatest extent possible. The DPO shall work with personnel from relevant departments including but not limited to IT, Human Resources to ensure the implementation of the organization’s security measures to address such disaster incidents as may be provided in the organization’s policies. Furthermore, the DPO shall ensure the communication of such breach/disaster incident to the regulatory authority and to the Data Subjects where such is deemed necessary.

6. Perform regular reviews of the organization’s internal policies to ensure that the organization’s processes and policies are in compliance with the provisions of the NDPR and other applicable data protection legislation.

7. Ensure the organization’s Management and Board of Directors are aware and consistently updated on the compliance requirements of the NDPR and related legislation and are compliant to the greatest extent possible.

8. Ensure the organization’s contracts with its employees, clients, and vendors are regularly revised to include data protection clauses and general compliance with applicable data protection legislation.

9. Develop and improve all appropriate policies with data protection clauses such as HR Policy, Information Security Policy, Incident Management Policy, Privacy Policy, Data Breach Management Policy, Data Retention Policy, Disaster Recovery Policy, Data Protection Impact Assessment Policy, etc.

10. Provide adequate support to process owners in conducting Data Protection Compliance Audits (DPCAs), and Data Protection Impact Assessments (DPIAs) in accordance with extant laws and relevant policies.

11. The DPO shall assist the organization in ensuring that there are adequate security measures in place to protect personal data and also ensure that the organization’s Information Systems are guided by an Information Security Standard. The DPO shall also look out for updates in security standards so as to ensure that same are implemented in the organization’s security systems.

12. Provide adequate advice to the organization as regards the transfer of Personal Data to a foreign country and shall ensure that such transfer is done in accordance with the provisions of the NDPR.

13. Conduct regular capacity building for personnel of the organization to ensure compliance with the NDPR.

14. Ensure that the organization has appropriate legal bases for all processing activities that it conducts on Personal Data at every point in time.

15. Ensure that the rights of Data Subjects to their Personal Data being processed by the organization are safeguarded and protected and can be exercised in accordance with the provisions of the NDPR.

16. Act as the organization’s representative with the relevant DPCO as well as with the Nigeria Data Protection Bureau (NDPB).

Qualifications:

1. Must have adequate knowledge and experience in Data Protection, Cybersecurity, and Privacy functions.

2. Certification in Data Protection, Cybersecurity, and Privacy Rights will be an advantage.

3. Client relationship skills to continuously coordinate privacy with Data Controllers, Administrators, and third parties.

4. Relevant industry experience in privacy risk assessment and attainment of information security standards certifications.

5. Team coordination skills.