Job Description
M.P Shah Hospital is looking to recruit a professional and evidence-driven person for a vacancy in the Internal Audit Department, as Data Protection Officer.
Reporting to the Head of Department Internal Audit, the purpose of the role is to implement and enforce a Hospital-wide data protection compliance framework and systems to ensure the Hospital is compliant with data protection laws and regulations.
Duties and Responsibilities:
1. Act as the primary point of contact within the Hospital for members of staff, regulators, and any relevant public bodies on issues related to data protection.
2. Advise the Hospital and employees on data processing requirements provided under this Act or any other written laws.
3. Establish a Data Protection framework and implementation plan, and amend existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders, including developing templates for data collection and assisting with data mapping.
4. Support the Hospital in the preparation of privacy statements for each processing operation, and ensure processes are put in place so that the privacy statement is provided to data subjects on all Hospital forms and/or literature, websites and other communication or data collection mediums. Work with the legal team to ensure full compliance with all data protection laws.
5. Provide quarterly status updates to senior and middle management and draw immediate attention to any failure to comply with the applicable data protection rules.
6. Carry out an ongoing assessment of the data within our organization, whether received or created by you, transferred/shared within and outside Kenya, including its storage and security, and establish your current status in terms of DPA compliance.
7. Review third-party contracts to determine compliance with the DPA, identify the data controllers and data processors within and outside the organization, and assist with the preparation of required consents and agreements, with the provision of templates as required.
8. Train Hospital staff on the impact of the DPA on their work, the handling of sensitive medical data, the exceptions to the DPA in respect of medical records and personal data handled, and the effect of the resulting policies and SOPs.
9. Review, amend and develop policies and procedures [including data consent forms and agreements] for purposes of compliance with the DPA.
10. Assess and advise on the procedures for identifying and reporting data breaches and unauthorized data access.
Qualifications and Requirements
1. Bachelor of Science in Computer Science or an equivalent.
2. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification.
3. Having carried out at least one Data Protection Impact Assessment exercise would be an advantage.
4. Minimum of three years’ experience working in data protection compliance or a related field.
5. Strong project management skills.
6. Ability to work well under pressure and manage sensitive and confidential information.
7. Excellent verbal and written communication skills, with strong attention to detail.