Data Protection Officer

Job Description

Reporting to the Cluster General Manager, responsibilities and essential job functions include but are not limited to the following:

• Ensure compliance with Kenya’s Data Protection Act (2019), GDPR (where applicable), and Accor Group Data Protection policies.
• Serve as the main point of contact between the hotel cluster and the Office of the Data Protection Commissioner (ODPC) and other relevant regulatory authorities.
• Monitor changes in data protection legislation and update policies accordingly.
• Develop, implement, and maintain internal data protection policies and procedures.
• Conduct regular audits and assessments of data processing activities across departments (Front Office, Reservations, IT, Finance, Sales & Marketing, etc.).
• Ensure all departments adhere to approved data handling and processing protocols.
• Develop and deliver ongoing training programs for employees on data privacy, confidentiality, and best practices.
• Promote a culture of data privacy and security across both properties.
• Evaluate and advise on the data protection impact assessments (DPIAs) for new projects or technologies involving personal data.
• Respond to and manage data breaches in accordance with internal protocols and regulatory requirements.
• Maintain a data breach register and report incidents to management within statutory timelines.
• Work closely with Front Office, Reservations, HR, IT, Marketing, and third-party vendors to ensure data processing activities comply with privacy regulations.
• Maintain a data processing inventory and ensure accurate recordkeeping of guest and employee data practices.
• Facilitate and manage all requests relating to the rights of data subjects (access, correction, erasure, restriction, etc.).
• Maintain records of all such requests and ensure timely and compliant responses.
• Liaise with Accor regional DPOs and Regional teams to ensure alignment with global policies.
• Prepare regular compliance reports for the Cluster General Manager.
• Collaborate with IT and Security teams to ensure technical safeguards are adequate and up to date.

Qualifications

• Bachelor's degree in Law or relevant degree in Information Security or Technology, Data Governance, or a related field.
• Certified Data Protection Officer (CDPO), CIPP/E, CIPM, or other relevant certification is an asset.
• Minimum 3 years of experience in IT Department /Data protection, compliance, legal, or risk management—preferably in hospitality or multinational settings.
• Strong knowledge of Kenyan Data Protection Act 2019, GDPR, and international data privacy frameworks.
• Experience conducting data audits, managing privacy impact assessments, and handling data breaches.