Data Protection & Compliance Officer
2026-03-19T08:04:56+00:00
Kenya Airways
https://cdn.greatkenyanjobs.com/jsjobsdata/data/employer/comp_10763/logo/kuy.png
https://www.kenya-airways.com/
FULL_TIME
Nairobi
Nairobi
00100
Kenya
Public Administration, and Government
Legal, Business Operations, Computer & IT
2026-04-02T17:00:00+00:00
8
Purpose
The role holder will support the Company Secretary & Director Legal & Compliance in establishing and maintaining a robust and effective compliance framework. The data protection and compliance officer will play a pivotal role in the implementation of the data protection framework which has been designed for the company and will ensure the effective management of Kenya Airways’ data processes and subjects in compliance with the Personal Data Protection Regulations of Kenya and GDPR. The company expects that the Data Protection & Compliance Officer will adopt the highest standards of compliance and governance in line with best practice, laws, regulatory and internal policy standards.
Responsibilities
Compliance Management
- Support implementation of a compliance management framework and a compliance system to ensure compliance with industry regulations and internal policies covering the global operation.
- Keep abreast of regulatory developments within or outside of the company as well as evolving best practices in compliance control.
- Review compliance policies and procedures on a regular basis to ensure they comply with statutory and regulatory requirements.
Implementation of the Data Protection Framework
- Implement a comprehensive enterprise-wide data protection program in line with essential elements of the Kenya Data Protection Regulations & GDPR such as principles of data processing, data subjects’ rights, privacy by design, records of processing activities, security of processing, breach escalation & records management.
- Implement the draft data protection policies and contract templates to remediate existing gaps with regards to data protection in Kenya Airways processes and ensure alignment with global standards (e.g., GDPR).
- Maintain records of all data assets and exports in conjunction with the relevant internal stakeholders.
- Identify and evaluate Kenya Airways’ data processing activities.
- Coordinate Data Protection Impact Assessments (DPIAs)
- Monitor data protection procedures and compliance within the Kenya Airway’s global operations.
Data Breach Response Plan
- Implement a data breach response plan and coordinate the activities of the plan.
- Ensure timely remediation of incidents, including impact assessments, breach response, complaints management, claims or notifications, and responding to subject access requests (SARs).
- Maintain the personal data breach log of the company.
- Report data breaches to the Office of the Data protection commissioner of Kenya as provided for in the Data Protection Regulations as we as any other global structures.
Stakeholder Management.
- Act as point of contact with the office of the Data Protection Commissioner, other supervisory authorities, internal and external stakeholders.
- Coordinate and maintain relationships with various internal & external stakeholders including regulators for information sourcing, communication and achievement of timely actions as required.
- Liaise with regulators and external networks on best practice and updates on data protection regulations and ensure that these are embedded within the company.
- Collaborate with risk champions and internal audit to remedy control lapses/gaps.
Reporting
- Prepare and provide standard and ad-hoc information and data reports on compliance with data protection regulations to the leadership of the company.
- Provide relevant periodic reports to the Office of the Data Protection Commissioner of Kenya.
- Provide regular status updates to management and draw immediate attention to compliance exposures for remedial action.
Training
- Support the implementation of the compliance and data protection training and awareness calendar, to ensure that knowledge gaps are eliminated, and critical knowledge requirements are disseminated to staff on an ongoing basis.
- Coordinate development of training content and setup of training sessions.
- Build capacity of risk & compliance champions across the institution.
- Any other assignments as delegated by the Departmental Director.
Skills
- Knowledge of internal controls and risk assessment methodologies, policies and systems
- Knowledge of regulatory compliance requirements
- Knowledge of relevant Aviation and other key National and International Compliance Standards, legislations, and regulations
- Strategic, creative, and analytical thinker
- Tech Savvy and good analysis skills
- Report Writing
Qualifications
- Bachelor’s Degree in business, law or related fields.
- Qualifications in data protection would be beneficial but is not essential
- Minimum 5 years of experience implementing controls.
- Experience implementing data protection guidelines is essential.
- Sound knowledge of Kenya Data Protection Regulations & GDPR is essential.
* Support implementation of a compliance management framework and a compliance system to ensure compliance with industry regulations and internal policies covering the global operation. * Keep abreast of regulatory developments within or outside of the company as well as evolving best practices in compliance control. * Review compliance policies and procedures on a regular basis to ensure they comply with statutory and regulatory requirements. * Implement a comprehensive enterprise-wide data protection program in line with essential elements of the Kenya Data Protection Regulations & GDPR such as principles of data processing, data subjects’ rights, privacy by design, records of processing activities, security of processing, breach escalation & records management. * Implement the draft data protection policies and contract templates to remediate existing gaps with regards to data protection in Kenya Airways processes and ensure alignment with global standards (e.g., GDPR). * Maintain records of all data assets and exports in conjunction with the relevant internal stakeholders. * Identify and evaluate Kenya Airways’ data processing activities. * Coordinate Data Protection Impact Assessments (DPIAs) * Monitor data protection procedures and compliance within the Kenya Airway’s global operations. * Implement a data breach response plan and coordinate the activities of the plan. * Ensure timely remediation of incidents, including impact assessments, breach response, complaints management, claims or notifications, and responding to subject access requests (SARs). * Maintain the personal data breach log of the company. * Report data breaches to the Office of the Data protection commissioner of Kenya as provided for in the Data Protection Regulations as we as any other global structures. * Act as point of contact with the office of the Data Protection Commissioner, other supervisory authorities, internal and external stakeholders. * Coordinate and maintain relationships with various internal & external stakeholders including regulators for information sourcing, communication and achievement of timely actions as required. * Liaise with regulators and external networks on best practice and updates on data protection regulations and ensure that these are embedded within the company. * Collaborate with risk champions and internal audit to remedy control lapses/gaps. * Prepare and provide standard and ad-hoc information and data reports on compliance with data protection regulations to the leadership of the company. * Provide relevant periodic reports to the Office of the Data Protection Commissioner of Kenya. * Provide regular status updates to management and draw immediate attention to compliance exposures for remedial action. * Support the implementation of the compliance and data protection training and awareness calendar, to ensure that knowledge gaps are eliminated, and critical knowledge requirements are disseminated to staff on an ongoing basis. * Coordinate development of training content and setup of training sessions. * Build capacity of risk & compliance champions across the institution. * Any other assignments as delegated by the Departmental Director.
* Knowledge of internal controls and risk assessment methodologies, policies and systems * Knowledge of regulatory compliance requirements * Knowledge of relevant Aviation and other key National and International Compliance Standards, legislations, and regulations * Strategic, creative, and analytical thinker * Tech Savvy and good analysis skills * Report Writing
* Bachelor’s Degree in business, law or related fields. * Qualifications in data protection would be beneficial but is not essential * Minimum 5 years of experience implementing controls. * Experience implementing data protection guidelines is essential. * Sound knowledge of Kenya Data Protection Regulations & GDPR is essential.
JOB-69bbae282efa4
Vacancy title:
Data Protection & Compliance Officer
[Type: FULL_TIME, Industry: Public Administration, and Government, Category: Legal, Business Operations, Computer & IT]
Jobs at:
Kenya Airways
Deadline of this Job:
Thursday, April 2 2026
Duty Station:
Nairobi | Nairobi
Summary
Date Posted: Thursday, March 19 2026, Base Salary: Not Disclosed
Similar Jobs in Kenya
Learn more about Kenya Airways
Kenya Airways jobs in Kenya
JOB DETAILS:
Purpose
The role holder will support the Company Secretary & Director Legal & Compliance in establishing and maintaining a robust and effective compliance framework. The data protection and compliance officer will play a pivotal role in the implementation of the data protection framework which has been designed for the company and will ensure the effective management of Kenya Airways’ data processes and subjects in compliance with the Personal Data Protection Regulations of Kenya and GDPR. The company expects that the Data Protection & Compliance Officer will adopt the highest standards of compliance and governance in line with best practice, laws, regulatory and internal policy standards.
Responsibilities
Compliance Management
- Support implementation of a compliance management framework and a compliance system to ensure compliance with industry regulations and internal policies covering the global operation.
- Keep abreast of regulatory developments within or outside of the company as well as evolving best practices in compliance control.
- Review compliance policies and procedures on a regular basis to ensure they comply with statutory and regulatory requirements.
Implementation of the Data Protection Framework
- Implement a comprehensive enterprise-wide data protection program in line with essential elements of the Kenya Data Protection Regulations & GDPR such as principles of data processing, data subjects’ rights, privacy by design, records of processing activities, security of processing, breach escalation & records management.
- Implement the draft data protection policies and contract templates to remediate existing gaps with regards to data protection in Kenya Airways processes and ensure alignment with global standards (e.g., GDPR).
- Maintain records of all data assets and exports in conjunction with the relevant internal stakeholders.
- Identify and evaluate Kenya Airways’ data processing activities.
- Coordinate Data Protection Impact Assessments (DPIAs)
- Monitor data protection procedures and compliance within the Kenya Airway’s global operations.
Data Breach Response Plan
- Implement a data breach response plan and coordinate the activities of the plan.
- Ensure timely remediation of incidents, including impact assessments, breach response, complaints management, claims or notifications, and responding to subject access requests (SARs).
- Maintain the personal data breach log of the company.
- Report data breaches to the Office of the Data protection commissioner of Kenya as provided for in the Data Protection Regulations as we as any other global structures.
Stakeholder Management.
- Act as point of contact with the office of the Data Protection Commissioner, other supervisory authorities, internal and external stakeholders.
- Coordinate and maintain relationships with various internal & external stakeholders including regulators for information sourcing, communication and achievement of timely actions as required.
- Liaise with regulators and external networks on best practice and updates on data protection regulations and ensure that these are embedded within the company.
- Collaborate with risk champions and internal audit to remedy control lapses/gaps.
Reporting
- Prepare and provide standard and ad-hoc information and data reports on compliance with data protection regulations to the leadership of the company.
- Provide relevant periodic reports to the Office of the Data Protection Commissioner of Kenya.
- Provide regular status updates to management and draw immediate attention to compliance exposures for remedial action.
Training
- Support the implementation of the compliance and data protection training and awareness calendar, to ensure that knowledge gaps are eliminated, and critical knowledge requirements are disseminated to staff on an ongoing basis.
- Coordinate development of training content and setup of training sessions.
- Build capacity of risk & compliance champions across the institution.
- Any other assignments as delegated by the Departmental Director.
Skills
- Knowledge of internal controls and risk assessment methodologies, policies and systems
- Knowledge of regulatory compliance requirements
- Knowledge of relevant Aviation and other key National and International Compliance Standards, legislations, and regulations
- Strategic, creative, and analytical thinker
- Tech Savvy and good analysis skills
- Report Writing
Qualifications
- Bachelor’s Degree in business, law or related fields.
- Qualifications in data protection would be beneficial but is not essential
- Minimum 5 years of experience implementing controls.
- Experience implementing data protection guidelines is essential.
- Sound knowledge of Kenya Data Protection Regulations & GDPR is essential.
Work Hours: 8
Experience in Months: 60
Level of Education: bachelor degree
Job application procedure
Interested and qualified? Go to Kenya Airways on careers.kenya-airways.com to apply
All Jobs | QUICK ALERT SUBSCRIPTION
