Data Protection Officer

at GOPA Infra
Published February 7, 2024
Location Amman, Jordan
Category Computer & IT  
Job Type Full Time  

Description

The Data Protection Officer (DPO) will be responsible for overseeing the company's data protection strategy, ensuring compliance with the relevant applicable laws of Jordan including Jordanian Personal Data Protection Law and the regulations and instructions issued pursuant thereto, and acting as the point of contact for data protection-related queries, which will also include the company, its shareholders, departments, services providers and any other institution associated with the company as determined by the company from time to time (Group).

While the primary focus is on the laws pertaining data protection including the Jordanian Personal Data Protection Law and the regulations and instructions issued pursuant thereto, knowledge of MENA, Turkey, GDPR and EU rules would be considered an asset.

Key Responsibilities

Data Protection Strategy:
Develop, implement, and monitor the company's data protection strategy to ensure compliance with relevant applicable laws, regulations and instructions issued pursuant thereto.
Stay updated on changes in relevant applicable laws including Jordanian Personal Data Protection Law and the regulations and instructions issued pursuant thereto and inform the Group as well as other relevant stakeholders about their implications.
Utilise knowledge of GDPR and EU data protection rules as an asset in enhancing the overall data protection practices of the company and the Group.
Privacy Compliance:
Monitor, ensure and document the company's compliance with data protection laws, including but not limited to Jordanian Personal Data Protection Law and the regulations and instructions issued pursuant thereto, GDPR, and other relevant regulations and instructions.
Conduct regular privacy impact assessments and audits to identify and mitigate potential risks. Additionally, perform assessments and examinations of database systems, data processing systems, and systems for maintaining the security, integrity, and protection of data in the company and the Group.
Provide recommendations based on the results of assessments and examinations for data protection and monitor the implementation of such recommendations.
Point of Contact:
Act as the main point of contact for data protection authorities, security, and judicial authorities.
Act as the main point of contact for data protection matters with the employees, staff, advisors and other institutions within the Group as well as external parties associated therewith.
Collaborate with other departments within the Group to address and resolve privacy-related issues.
Employee Training:
Develop and deliver training programs on data protection and privacy for employees, staff, and advisors within the Group as well as the relevant data processors.
Raise awareness of data protection policies and best practices across the company and the Group.
Rights of the “concerned person/ data subject”:
Enable concerned persons /data subjects to exercise their rights over their data in accordance the relevant applicable laws including Jordanian Personal Data Protection Law and the regulations and instructions issued pursuant thereto.
Develop internal rules and polices for receiving and handling requests for data correction, erasure, concealment, or transfer made by concerned persons /data subjects in accordance with the applicable laws and regulations.
Data Breach and Complaints:
Develop internal rules for receiving and handling complaints in accordance with the relevant applicable laws including Jordanian Personal Data Protection Law and the regulations and instructions issued pursuant thereto.
Develop and maintain a data breach response plan, ensuring timely and effective responses to incidents.

Minimum qualifications

Bachelor's degree in a relevant field (e.g. Information Technology, Law, Business);
Certification in data protection or privacy (e.g. Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP)) is a plus;
3 years of relevant experience in data protection and privacy;
Excellent written and verbal communication skills.
Soft skills

Strong understanding of data protection laws and regulations;
Excellent communication and interpersonal skills;
Ability to work collaboratively with cross-functional teams;
Detail-oriented with strong analytical and problem-solving skills.

If you are interested in the assigned position, please send your application via email.

The application should include the following documents and information:

Your CV in English language, EU-format preferred;
A list of reference persons with contact details, if not included in the CV already.

Drop files here browse files ...