Data Protection Officer-(Sp6)

Data Protection Officer-(SP6)

Listing reference: capbg_000058

Listing status: Online

Apply by: 20 September 2024

Position summary

Introduction

Responsible for ensuring that the bank processes personal data in a lawful and correct manner, in accordance with provisions of the Data Protection Act and good practice.

Job description

• Keep a record of all Bank Gaborone processing activities, which shall be immediately accessible to any person applying for access.
• Ensure that the data controller (Bank Gaborone) processes personal data in a lawful and correct manner and in accordance with good practice, and where there are inadequacies , these are reported to the data controller.
• Assists customers to ensure that their rights under the Act are protected.
• Reviews the adequacy of the Binding Corporate Rules and shares the findings with the Legal office for remediation.
• Provides timely notification to the Commissioner where there is contravention of rules applicable for processing personal data.
• Continuous engagements with the Commissioner on implementing rules of processing personal data as per the Act.
• Maintains an inventory and records for all data activities processing conducted by the Bank.
• Assesses and monitors risks emanating from processing operations.
• Works with Legal and Compliance team in the review of Data protection/ privacy processes and procedures for all third-party vendors including outsourced services.
• Take a leading role in the vendor risk assessment to ensure all contracts and SLAs have the right Data Privacy clauses
• Maintains customer request for information as per the Acts definition of data subject's rights.
• Oversight of the bank's data protection strategy and implementation.
• Provides training to staff on the Data Protection Act and the GDPR requirements.
• Conducting independent and regular assessments/ audits to ensure the Act and GDPRs compliance.
• Liaison/ point of contact between the Bank and the Information and Data protection Commissioner.
• Informs and advises the Bank and staff who carries out processing of their obligations pursuant to the Data protection regulation
• Draft policies and other governance documentation in relation to protection of personal data and processing operations.
• Provide advice where requested as regards to the data protection impact assessment and monitor its performance.
• Monitor non-compliance and escalate any issues where non-compliance is not addressed.
• Timely revision of the DPA impact assessment to identify control weaknesses for remediation.
• Ensure that all employees are aware of the Bank`s Data Protection Policy, control mechanisms and the channel of reporting.
• Prepare monthly and quarterly reports to the Operational Risk Forum, Risk Committee, the Executive Management Team and the Board Risk and Compliance Committee.
• Timely adherence to regulatory requests by regulators and law enforcement agencies.
• Timely review of the Data Protection Policy and guidelines.

Minimum requirements

• Bachelor`s degree in Law (LLB) /Data Information/Information Technology/ Risk Management /Information Security OR any related field,
• At least 5 years banking experience, 2 of which should have been in the regulatory Compliance/ Legal/ Cyber Security /information technology or audit preferably in a banking environment.
• A general knowledge and understanding of Data protection and privacy legislation and other core legislations such as Banking Act, Financial Intelligence Act, and the international GDPR
• Sound knowledge of financial and Banking services will be an advantage.
• Good computer literacy /knowledge of MS Word, MS Excel and MS Outlook.
• Ability to communicate effectively, verbally and in writing, to clearly express the logically reasoned ideas.