Data Protection Officer at Fairmont Hotels & Resorts

Fairmont

  • Nairobi
  • Permanent
  • Full-time
  • 6 days ago
Job DescriptionReporting to the Cluster General Manager, responsibilities and essential job functions include but are not limited to the following:
  • Ensure compliance with Kenya’s Data Protection Act (2019), GDPR (where applicable), and Accor Group Data Protection policies.
  • Serve as the main point of contact between the hotel cluster and the Office of the Data Protection Commissioner (ODPC) and other relevant regulatory authorities.
  • Monitor changes in data protection legislation and update policies accordingly.
  • Develop, implement, and maintain internal data protection policies and procedures.
  • Conduct regular audits and assessments of data processing activities across departments (Front Office, Reservations, IT, Finance, Sales & Marketing, etc.).
  • Ensure all departments adhere to approved data handling and processing protocols.
  • Develop and deliver ongoing training programs for employees on data privacy, confidentiality, and best practices.
  • Promote a culture of data privacy and security across both properties.
  • Evaluate and advise on the data protection impact assessments (DPIAs) for new projects or technologies involving personal data.
  • Respond to and manage data breaches in accordance with internal protocols and regulatory requirements.
  • Maintain a data breach register and report incidents to management within statutory timelines.
  • Work closely with Front Office, Reservations, HR, IT, Marketing, and third-party vendors to ensure data processing activities comply with privacy regulations.
  • Maintain a data processing inventory and ensure accurate recordkeeping of guest and employee data practices.
  • Facilitate and manage all requests relating to the rights of data subjects (access, correction, erasure, restriction, etc.).
  • Maintain records of all such requests and ensure timely and compliant responses.
  • Liaise with Accor regional DPOs and Regional teams to ensure alignment with global policies.
  • Prepare regular compliance reports for the Cluster General Manager.
  • Collaborate with IT and Security teams to ensure technical safeguards are adequate and up to date.
Qualifications
  • Bachelor's degree in Law or relevant degree in Information Security or Technology, Data Governance, or a related field.
  • Certified Data Protection Officer (CDPO), CIPP/E, CIPM, or other relevant certification is an asset.
  • Minimum 3 years of experience in IT Department /Data protection, compliance, legal, or risk management—preferably in hospitality or multinational settings.
  • Strong knowledge of Kenyan Data Protection Act 2019, GDPR, and international data privacy frameworks.
  • Experience conducting data audits, managing privacy impact assessments, and handling data breaches.
Method of ApplicationInterested and qualified? Go to to applyBuild your CV for free.

Myjobmag