Data Protection Manager at Exim Bank
Job Overview
Exim Bank
Dar es Salaam
Job Description
To ensure the bank’s adherence to the Personal Data Protection Act and Regulations. The incumbent will be responsible for implementing a privacy governance framework, conducting privacy impact assessments, coordinating and conducting data privacy audits, reporting violations, advising on rectification measures, handling data subject inquiries and complaints, and providing support in all matters related to personal data protection/privacy.
Roles & Responsibilities
Data Protection
Implementing measures and a privacy governance framework to manage data use in compliance with the Personal Data Protection Act, including developing templates for data collection, and assisting with data mapping.
Working with key internal stakeholders in the review of projects, products, services, processes, and related data to ensure compliance with the Personal Data Protection Act, and where necessary, complete and advise on privacy impact assessments.
Reviewing vendor contracts and consents needed to implement projects in partnership with the bank’s Procurement and Information Security functions.
Participating in the Personal Data Protection Committee.
Managing and conducting ongoing reviews of the bank’s privacy governance framework.
Monitor and ensure the bank’s compliance with the Personal Data Protection Act and Regulations.
Oversee data processors that process personal data on behalf of the bank, ensuring they also adhere to data protection requirements.
Review and assess the bank’s data processing activities to ensure alignment with regulatory standards.
Train staff across the business on matters related to data protection.
Provide professional advice and guide internal teams on data protection best practices.
Prepare Data Protection Impact Assessment (DPIA) report.
Coordinating and conducting data privacy audits.
Collaborating with the Information Security function to maintain records of all data assets and exports and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and responding to subject access requests.
Reporting and Advisory
Prepare and submit quarterly reports on compliance with the Act to the Data Protection Commission.
Prepare and submit reports detailing the bank’s compliance with the Personal Data Protection Act to Management.
Identify and report violations of the Personal Data Protection Act or Regulations within the bank’s data processing activities.
Advise on corrective measures and strategies to rectify personal data protection/privacy non-compliance.
Collaborate with legal and compliance teams to resolve personal data protection/privacy issues efficiently.
Data Subject Handling
Address applications, inquiries, or complaints submitted by data subjects (e.g., employees, customers, students, suppliers, partners, shareholders) related to the collection or processing of their personal data.
Coordinate with internal teams to investigate and respond to data subject requests promptly and in accordance with regulatory requirements.
Maintain records of data subject interactions and resolutions.
Skills and Qualifications
University degree in Law, Information Security, Computer Science, Risk Management, or related fields.
Strong understanding of personal data protection/privacy laws and regulations,