The Data Protection Officer will report to the Head of Data Privacy and will provide leadership in helping to
ensure that the insurance business is fully compliant with local and overseas data privacy legal and regulatory
requirements.
Knowledge and Experience
● Minimum 5 years’ experience in data privacy, protection and/or legal compliance.
● Prior experience as a Data Protection Officer preferred.
● Expert knowledge of local and international Data Privacy Laws, e.g. GDPR, PDPL etc.
● A sound understanding of the education sector and particularly of International [or independent]
schools is preferred.
● Experience managing a data protection compliance program is preferred.
● Experience providing advice on regulatory or legislative areas.
● Experience handling data subject requests and complaints.
● Experience in the insurance domain is a big plus.
Duties and Responsibilities
The DPO will have the following duties:
● To monitor and advise the school and its employees with respect to the obligations of Data Privacy
law.
● To inspect the collection, use or disclosure of Personal Data.
● To monitor compliance with the PDPL – Privacy Data Protection Law – UAE or where applicable
● To serve as a point of contact for and cooperate with the regulator in the event of issues or incidents
regarding the collection, use or disclosure of Personal Data.
● To keep secure and confidential personal data known or acquired in the course of the DPO’s
performance of duty.
● To ensure the maintenance of a Record of Processing at the school using a CRM for entering all Data
related information.
● To provide advice on Data Protection Impact Assessments (DPIAs) and monitor their performance.
● To maintain policies that enforce compliance with legislation and the business’ internal standards.
● Take a risk-based approach to data protection, involving:
■ Prioritising the higher-risk areas of data protection and focusing on these the most
■ Using their common sense to advise business on whether it should conduct an audit,
provide training in certain areas, and determine what the DPO should spend the most
time doing.
● To liaise with other organisations that process data on the business’ behalf.
● To ensure that the business takes a risk-based approach to its compliance programme.
● To maintain awareness of changes in law and regulatory guidance and issue recommendations to the
school.
● To be the point of contact for data subjects and other parties with whom the business has a
relationship on all aspects of data protection processing and individuals’ rights.
● To actively pursue personal development of skills in data protection relevant to this role.
● Design and conduct all necessary employee data protection training sessions.
● Facilitate and lead all data protection audits and investigations, including handling all personal data
breaches and incidents.
● Be contactable by the business’ data subjects regarding the processing of their personal data and
within their rights under Local/External Data Privacy Laws.
● To lead the processing of Subject Access Requests and complaints.
● Defining the means of processing when the business works with other controllers (as a joint
controller) or with data processors, ensuring that legal processing methods are recorded and
communicated when entities other than the school are involved in the processing of personal data.
● Training Staff
Qualifications
● A degree or equivalent from an accredited university is desirable.
● Strong understanding of Information Technologies and data privacy
● Formal certification in data protection is desirable, for example CIPP/E or CIPM.
● The ability to promote a data protection culture within the school
Personal and professional qualities
● Integrity and an appreciation of individuals' fundamental rights to privacy.
● Strong organisational skills with attention to detail.
● Good computer skills.
● Excellent communication skills, particularly in writing.
● Ability to take a strategic approach.
● Excellent teamwork and interpersonal skills, with proven ability to maintain relationships across a
school or other organisation
● Ability to explain complex data protection and information security information to a non-specialist
audience
● Ability to work independently and autonomously with minimal supervision
● Commitment to maintaining confidentiality at all times