Data Protection Officer
2026-01-26T09:32:57+00:00
Jubilee Insurance
https://cdn.greatkenyanjobs.com/jsjobsdata/data/employer/comp_8930/logo/jubi.jpg
https://jubileeinsurance.com/ke/
FULL_TIME
Nairobi
Nairobi
00100
Kenya
Professional Services
Legal, Business Operations, Computer & IT
2026-01-30T17:00:00+00:00
8
Background information about the job or company (e.g., role context, company overview)
Jubilee Insurance was established in August 1937, as the first locally incorporated Insurance Company based in Mombasa in 1937. Jubilee Insurance has spread its sphere of influence throughout the region to become the largest Composite insurer in East Africa, handling Life, Pensions, general and Medical insurance.
Role Purpose
The purpose of this role is to establish, implement and enforce a robust Data Protection and compliance framework and systems (policies, processes and tools) to ensure that Jubilee Insurance companies are compliant with the Data Protection Act and Regulations.
Responsibilities or duties
Strategy
- Collaborate with senior management and other key stakeholders to implement the strategic direction for Data Protection Function with the Life Company. This involves analyzing market trends, assessing industry dynamics, and identifying opportunities for improvement and growth.
- Keep abreast of regulatory developments and industry initiatives and advise management accordingly.
- Data Privacy Impact Assessments: Conduct privacy impact assessments for new products, processes, or systems that involve the collection and processing of personal data.
- Data Retention Policies: Develop and enforce data retention policies to ensure data is retained only for the necessary period and in accordance with legal requirements.
Operational
- Establishing the Data Protection Act Governance, regulatory framework and implementation plan which shall include development of the various required statements and policies.
- Evaluate the existing data protection framework to identify areas of no or partial compliance, maintaining a register of all compliance levels and rectify any issues that may arise.
- Guiding the Company, departments, and all support functions on implementation of Data Protection Act requirements and supporting them to ensure compliance with the Act.
- Regularly training of all internal stakeholders involved in data collection/processing, updating the training as well as conducting specific trainings for specific processing requirements.
- Conducting audits to ensure compliance, accountability and address potential issues proactively.
- Serving as the Data Protection Officer and point of contact between the Companies, the Data Commissioner and other Regulatory Authorities through co-operating with them during inspections and by responding to any complaints or queries raised with regards to Data Protection.
- Monitoring performance and adherence to the requirements to relevant regulation while providing advice on the data protection impact assessment.
- Creating and maintaining a register on comprehensive records of all data processing activities conducted by the company, including the purposes of all processing activities.
- Interfacing with data controllers, data processors and data subjects to inform them about the use of data, the data protection rights, obligations, responsibilities, and measures the company has put in place to protect personal and/or sensitive information and raise awareness on all of the above.
- Advising and recommending the interpretation and/or application of the Data Protection Act or any other written law on data privacy.
- Handling queries or complaints internally or externally regarding data confidentiality and use.
- Providing status updates to the Head of Risk & Compliance, Senior and Middle Management on a regular basis (at least monthly) and drawing immediate attention to any failure to comply with the applicable data protection requirements.
- Creating an Information Base: Guide and support on the creation of an information based on Data Protection and any other elements which may be helpful to the controllers and the staff of the organization.
- Relationship Building: Build a stable professional relationship with data controllers providing advice where necessary and investing time and efforts in showing the benefits of data protection compliance.
- Support the business in preparation of digital and other privacy statements as may be required for the business and ensure processes are put in place for collection of consents from the relevant data subjects and partners
- Ensure the business has relevant privacy statements provided on all company forms and/or literature, websites and other communication or data collection mediums.
- Preparing an annual work programme at the beginning of each year for the upcoming year for the sign-off by the Head of Risk & Compliance.
- Networking with other Data Protection Officers to share information and keep up with information and emerging trends around data protection as well as following up on change in laws and make recommendations on changes required.
Corporate Governance
- Compliance: Stay updated on industry regulations, compliance requirements, and best practices.
- Adherence to the laws and regulations of Kenya, the policies and regulations within the insurance industry and all internal company policies and procedures.
- Ensuring compliance with applicable statutory and regulatory requirements and establishing mitigation measures against emerging business risks.
- Implement effective risk management strategies, including appropriate internal controls, to mitigate operational, financial, and regulatory risks.
People & Culture
- Cross-Functional Collaboration: Actively participate in cross-functional project teams to drive collaboration, innovation, and accountability across departments and the Group.
- Employee Collaboration Index: Participate in a minimum of 2 company projects per year with an 80% success rate and engage in at least 1 Group-wide project per year.
- Skills and Competency Development Index: 100% compliance with your training plan annually to support personal and professional growth, ensuring alignment with career paths and future challenges.
- Cultural Alignment Index (CAI): Attain the Company’s CAI target score by embedding Jubilee’s values (e.g., innovation, teamwork, excellence) into project execution and team dynamics.
- Conflict Resolution: Address interpersonal or project-related conflicts constructively, maintaining team morale and focus on shared goals.
- Resource Advocacy: Communicate needs (e.g., tools, training, support) to supervisors to ensure personal and team success
Jubilee Life Brand
Uphold the Company’s brand integrity by ensuring responsible data governance and compliance with data protection requirements.
Qualifications or requirements (e.g., education, skills)
Key Competencies
- In-depth knowledge of life insurance regulations and industry practices.
- Strong understanding of AML, KYC integrity, and Data Privacy requirements.
- Analytical and problem-solving skills to assess and address compliance risks.
- Excellent communication and interpersonal skills to educate and advise stakeholders.
- Ability to collaborate effectively with cross-functional teams.
- Detail-oriented with strong organizational and time management abilities.
- Proactive approach to staying updated on regulatory developments.
- Leadership and influencing skills to drive data protection compliance initiatives across the organization.
Academic Background & Relevant Qualifications
- Bachelor’s degree in law or any other related Degree.
- Advanced degree or professional certifications in Data Protection.
Experience needed
- Minimum 3-4 years’ experience within the data protection sector, risk management and compliance space.
- In-depth knowledge of life insurance industry.
- Proven track record o
* Collaborate with senior management and other key stakeholders to implement the strategic direction for Data Protection Function with the Life Company. This involves analyzing market trends, assessing industry dynamics, and identifying opportunities for improvement and growth. * Keep abreast of regulatory developments and industry initiatives and advise management accordingly. * Conduct privacy impact assessments for new products, processes, or systems that involve the collection and processing of personal data. * Develop and enforce data retention policies to ensure data is retained only for the necessary period and in accordance with legal requirements. * Establishing the Data Protection Act Governance, regulatory framework and implementation plan which shall include development of the various required statements and policies. * Evaluate the existing data protection framework to identify areas of no or partial compliance, maintaining a register of all compliance levels and rectify any issues that may arise. * Guiding the Company, departments, and all support functions on implementation of Data Protection Act requirements and supporting them to ensure compliance with the Act. * Regularly training of all internal stakeholders involved in data collection/processing, updating the training as well as conducting specific trainings for specific processing requirements. * Conducting audits to ensure compliance, accountability and address potential issues proactively. * Serving as the Data Protection Officer and point of contact between the Companies, the Data Commissioner and other Regulatory Authorities through co-operating with them during inspections and by responding to any complaints or queries raised with regards to Data Protection. * Monitoring performance and adherence to the requirements to relevant regulation while providing advice on the data protection impact assessment. * Creating and maintaining a register on comprehensive records of all data processing activities conducted by the company, including the purposes of all processing activities. * Interfacing with data controllers, data processors and data subjects to inform them about the use of data, the data protection rights, obligations, responsibilities, and measures the company has put in place to protect personal and/or sensitive information and raise awareness on all of the above. * Advising and recommending the interpretation and/or application of the Data Protection Act or any other written law on data privacy. * Handling queries or complaints internally or externally regarding data confidentiality and use. * Providing status updates to the Head of Risk & Compliance, Senior and Middle Management on a regular basis (at least monthly) and drawing immediate attention to any failure to comply with the applicable data protection requirements. * Creating an Information Base: Guide and support on the creation of an information based on Data Protection and any other elements which may be helpful to the controllers and the staff of the organization. * Relationship Building: Build a stable professional relationship with data controllers providing advice where necessary and investing time and efforts in showing the benefits of data protection compliance. * Support the business in preparation of digital and other privacy statements as may be required for the business and ensure processes are put in place for collection of consents from the relevant data subjects and partners * Ensure the business has relevant privacy statements provided on all company forms and/or literature, websites and other communication or data collection mediums. * Preparing an annual work programme at the beginning of each year for the upcoming year for the sign-off by the Head of Risk & Compliance. * Networking with other Data Protection Officers to share information and keep up with information and emerging trends around data protection as well as following up on change in laws and make recommendations on changes required. * Stay updated on industry regulations, compliance requirements, and best practices. * Adherence to the laws and regulations of Kenya, the policies and regulations within the insurance industry and all internal company policies and procedures. * Ensuring compliance with applicable statutory and regulatory requirements and establishing mitigation measures against emerging business risks. * Implement effective risk management strategies, including appropriate internal controls, to mitigate operational, financial, and regulatory risks. * Actively participate in cross-functional project teams to drive collaboration, innovation, and accountability across departments and the Group. * Participate in a minimum of 2 company projects per year with an 80% success rate and engage in at least 1 Group-wide project per year. * 100% compliance with your training plan annually to support personal and professional growth, ensuring alignment with career paths and future challenges. * Attain the Company’s CAI target score by embedding Jubilee’s values (e.g., innovation, teamwork, excellence) into project execution and team dynamics. * Address interpersonal or project-related conflicts constructively, maintaining team morale and focus on shared goals. * Communicate needs (e.g., tools, training, support) to supervisors to ensure personal and team success * Uphold the Company’s brand integrity by ensuring responsible data governance and compliance with data protection requirements.
* In-depth knowledge of life insurance regulations and industry practices. * Strong understanding of AML, KYC integrity, and Data Privacy requirements. * Analytical and problem-solving skills to assess and address compliance risks. * Excellent communication and interpersonal skills to educate and advise stakeholders. * Ability to collaborate effectively with cross-functional teams. * Detail-oriented with strong organizational and time management abilities. * Proactive approach to staying updated on regulatory developments. * Leadership and influencing skills to drive data protection compliance initiatives across the organization.
* Bachelor’s degree in law or any other related Degree. * Advanced degree or professional certifications in Data Protection.
JOB-697734c989748
Vacancy title:
Data Protection Officer
[Type: FULL_TIME, Industry: Professional Services, Category: Legal, Business Operations, Computer & IT]
Jobs at:
Jubilee Insurance
Deadline of this Job:
Friday, January 30 2026
Duty Station:
Nairobi | Nairobi
Summary
Date Posted: Monday, January 26 2026, Base Salary: Not Disclosed
Similar Jobs in Kenya
Learn more about Jubilee Insurance
Jubilee Insurance jobs in Kenya
JOB DETAILS:
Background information about the job or company (e.g., role context, company overview)
Jubilee Insurance was established in August 1937, as the first locally incorporated Insurance Company based in Mombasa in 1937. Jubilee Insurance has spread its sphere of influence throughout the region to become the largest Composite insurer in East Africa, handling Life, Pensions, general and Medical insurance.
Role Purpose
The purpose of this role is to establish, implement and enforce a robust Data Protection and compliance framework and systems (policies, processes and tools) to ensure that Jubilee Insurance companies are compliant with the Data Protection Act and Regulations.
Responsibilities or duties
Strategy
- Collaborate with senior management and other key stakeholders to implement the strategic direction for Data Protection Function with the Life Company. This involves analyzing market trends, assessing industry dynamics, and identifying opportunities for improvement and growth.
- Keep abreast of regulatory developments and industry initiatives and advise management accordingly.
- Data Privacy Impact Assessments: Conduct privacy impact assessments for new products, processes, or systems that involve the collection and processing of personal data.
- Data Retention Policies: Develop and enforce data retention policies to ensure data is retained only for the necessary period and in accordance with legal requirements.
Operational
- Establishing the Data Protection Act Governance, regulatory framework and implementation plan which shall include development of the various required statements and policies.
- Evaluate the existing data protection framework to identify areas of no or partial compliance, maintaining a register of all compliance levels and rectify any issues that may arise.
- Guiding the Company, departments, and all support functions on implementation of Data Protection Act requirements and supporting them to ensure compliance with the Act.
- Regularly training of all internal stakeholders involved in data collection/processing, updating the training as well as conducting specific trainings for specific processing requirements.
- Conducting audits to ensure compliance, accountability and address potential issues proactively.
- Serving as the Data Protection Officer and point of contact between the Companies, the Data Commissioner and other Regulatory Authorities through co-operating with them during inspections and by responding to any complaints or queries raised with regards to Data Protection.
- Monitoring performance and adherence to the requirements to relevant regulation while providing advice on the data protection impact assessment.
- Creating and maintaining a register on comprehensive records of all data processing activities conducted by the company, including the purposes of all processing activities.
- Interfacing with data controllers, data processors and data subjects to inform them about the use of data, the data protection rights, obligations, responsibilities, and measures the company has put in place to protect personal and/or sensitive information and raise awareness on all of the above.
- Advising and recommending the interpretation and/or application of the Data Protection Act or any other written law on data privacy.
- Handling queries or complaints internally or externally regarding data confidentiality and use.
- Providing status updates to the Head of Risk & Compliance, Senior and Middle Management on a regular basis (at least monthly) and drawing immediate attention to any failure to comply with the applicable data protection requirements.
- Creating an Information Base: Guide and support on the creation of an information based on Data Protection and any other elements which may be helpful to the controllers and the staff of the organization.
- Relationship Building: Build a stable professional relationship with data controllers providing advice where necessary and investing time and efforts in showing the benefits of data protection compliance.
- Support the business in preparation of digital and other privacy statements as may be required for the business and ensure processes are put in place for collection of consents from the relevant data subjects and partners
- Ensure the business has relevant privacy statements provided on all company forms and/or literature, websites and other communication or data collection mediums.
- Preparing an annual work programme at the beginning of each year for the upcoming year for the sign-off by the Head of Risk & Compliance.
- Networking with other Data Protection Officers to share information and keep up with information and emerging trends around data protection as well as following up on change in laws and make recommendations on changes required.
Corporate Governance
- Compliance: Stay updated on industry regulations, compliance requirements, and best practices.
- Adherence to the laws and regulations of Kenya, the policies and regulations within the insurance industry and all internal company policies and procedures.
- Ensuring compliance with applicable statutory and regulatory requirements and establishing mitigation measures against emerging business risks.
- Implement effective risk management strategies, including appropriate internal controls, to mitigate operational, financial, and regulatory risks.
People & Culture
- Cross-Functional Collaboration: Actively participate in cross-functional project teams to drive collaboration, innovation, and accountability across departments and the Group.
- Employee Collaboration Index: Participate in a minimum of 2 company projects per year with an 80% success rate and engage in at least 1 Group-wide project per year.
- Skills and Competency Development Index: 100% compliance with your training plan annually to support personal and professional growth, ensuring alignment with career paths and future challenges.
- Cultural Alignment Index (CAI): Attain the Company’s CAI target score by embedding Jubilee’s values (e.g., innovation, teamwork, excellence) into project execution and team dynamics.
- Conflict Resolution: Address interpersonal or project-related conflicts constructively, maintaining team morale and focus on shared goals.
- Resource Advocacy: Communicate needs (e.g., tools, training, support) to supervisors to ensure personal and team success
Jubilee Life Brand
Uphold the Company’s brand integrity by ensuring responsible data governance and compliance with data protection requirements.
Qualifications or requirements (e.g., education, skills)
Key Competencies
- In-depth knowledge of life insurance regulations and industry practices.
- Strong understanding of AML, KYC integrity, and Data Privacy requirements.
- Analytical and problem-solving skills to assess and address compliance risks.
- Excellent communication and interpersonal skills to educate and advise stakeholders.
- Ability to collaborate effectively with cross-functional teams.
- Detail-oriented with strong organizational and time management abilities.
- Proactive approach to staying updated on regulatory developments.
- Leadership and influencing skills to drive data protection compliance initiatives across the organization.
Academic Background & Relevant Qualifications
- Bachelor’s degree in law or any other related Degree.
- Advanced degree or professional certifications in Data Protection.
Experience needed
- Minimum 3-4 years’ experience within the data protection sector, risk management and compliance space.
- In-depth knowledge of life insurance industry.
- Proven track record o
Work Hours: 8
Experience in Months: 36
Level of Education: bachelor degree
Job application procedure
Interested in applying for this job? Click here to submit your application now.
send your cv
All Jobs | QUICK ALERT SUBSCRIPTION
