The Co-operative Bank of Kenya Limited is incorporated in Kenya under the Company Act and is also licensed to do the business of banking under the Banking Act. The Bank was initially registered under the Co-operative Societies Act at the point of founding in 1965. This status was retained up to and until June 27th 2008 when the Banks Special General Meeti...

The Role

The successful jobholder will be expected to:

• Ensure that staff, customers, vendors, or any other individuals’ data is collected only where there is a lawful basis for processing.
• Maintain and update data protection policies and procedures.
• Oversee the development and implementation of the Data Protection Impact Assessments in line with data privacy laws.
• Oversee the management of data retention policies to demonstrate data protection compliance.
• Evaluate the existing data protection framework, identify areas of non or partial compliance, and rectify any issues.
• Develop and implement solutions to ensure privacy policies are correctly implemented. The solutions should comply with legal requirements of data use and meet business data needs.
• Collaborate with data product development teams creating new uses of data that employ privacy features.
• Analyze design for new data streams with a goal of developing technical solutions and systems to help mitigate privacy vulnerabilities and prevent potential future privacy risks.
• Responsible for assisting with the management of data privacy, data protection, data usability, performance and the integrity of the privacy solution.
• Identify areas of improvement in local practices related to managing data privacy.
• Establish strategic partnerships with various business units to communicate data protection activities effectively.
• Foster partnerships with industry stakeholders to discover and share leading practices in data protection, incorporating them into the bank for continuous improvement while staying informed about industry and regulatory developments.
• Conduct data privacy audits on bank departments and units to ensure compliance with the Data Protection Act 2019 and follow up on closure of any identified gaps.
• Collaborate with the Office of the Data Protection Commissioner on data protection matters, including registration, response to notices, audits, reporting and containment of data breaches as outlined in the Data Protection Act (2019).
• Attend data protection conferences and webinars to stay updated on best practices.

Qualifications, Skills & Attributes

The successful jobholder will be required to possess the following qualifications:

• A degree in information management, law, data management, social sciences or other related fields is preferred (or equivalent on-the-job experience).
• Knowledge of Data Protection laws and regulations.
• Experience in managing data incidents and breaches.
• Good understanding of data processing operations, including information systems, data security and data protection needs of an institution.
• A minimum of 5 years of business experience, with 3 years being in data management, compliance, risk or information management environment.
• Familiarity with the major data protection and governance tools and products available in the market as well as expertise or at least familiarity with data privacy solutions.
• Well-developed, professional interpersonal skills; ability to interact effectively with people at all levels.
• Ability to handle confidential and sensitive information with appropriate discretion and ethics.
• Strong coordination and project management skills to handle complex projects.
• Data privacy certification will be an added advantage.

• Ensure that staff, customers, vendors, or any other individuals’ data is collected only where there is a lawful basis for processing.
• Maintain and update data protection policies and procedures.
• Oversee the development and implementation of the Data Protection Impact Assessments in line with data privacy laws.
• Oversee the management of data retention policies to demonstrate data protection compliance.
• Evaluate the existing data protection framework, identify areas of non or partial compliance, and rectify any issues.
• Develop and implement solutions to ensure privacy policies are correctly implemented. The solutions should comply with legal requirements of data use and meet business data needs.
• Collaborate with data product development teams creating new uses of data that employ privacy features.
• Analyze design for new data streams with a goal of developing technical solutions and systems to help mitigate privacy vulnerabilities and prevent potential future privacy risks.
• Responsible for assisting with the management of data privacy, data protection, data usability, performance and the integrity of the privacy solution.
• Identify areas of improvement in local practices related to managing data privacy.
• Establish strategic partnerships with various business units to communicate data protection activities effectively.
• Foster partnerships with industry stakeholders to discover and share leading practices in data protection, incorporating them into the bank for continuous improvement while staying informed about industry and regulatory developments.
• Conduct data privacy audits on bank departments and units to ensure compliance with the Data Protection Act 2019 and follow up on closure of any identified gaps.
• Collaborate with the Office of the Data Protection Commissioner on data protection matters, including registration, response to notices, audits, reporting and containment of data breaches as outlined in the Data Protection Act (2019).
• Attend data protection conferences and webinars to stay updated on best practices.

• Knowledge of Data Protection laws and regulations.
• Experience in managing data incidents and breaches.
• Good understanding of data processing operations, including information systems, data security and data protection needs of an institution.
• Familiarity with the major data protection and governance tools and products available in the market as well as expertise or at least familiarity with data privacy solutions.
• Well-developed, professional interpersonal skills; ability to interact effectively with people at all levels.
• Ability to handle confidential and sensitive information with appropriate discretion and ethics.
• Strong coordination and project management skills to handle complex projects.

• A degree in information management, law, data management, social sciences or other related fields is preferred (or equivalent on-the-job experience).
• Data privacy certification will be an added advantage.