Data Protection Officer

Location
Riyadh, Saudi Arabia

About
To be accountable for and oversee data protection in the company in compliance with the data protection laws and to be the central point of contact for implementation projects, regulator engagement, and strategic privacy questions.

Responsibilities

• Collaborate with the company senior management, Legal and Cyber Security teams to implement the company data protection and AI compliance program, aligned with the global privacy strategy.
• Act as a point of contact for the Saudi Data & AI Authority (SDAIA) and other regulators in the Kingdom of Saudi Arabia.
• Align policies, practices, and procedures, as well as investigations and assessments, with internal stakeholders.
• Promote a privacy-oriented corporate culture and ensure continuous training and awareness measures at the company.
• Lead the company’s data governance program, focusing on data classification and enabling the exercise of data subject rights.
• Monitor and update the company’s records of personal data processing activities.
• Support and advise the business and operational teams on data protection-related matters.
• Perform privacy assessments and audits in alignment with the Personal Data Protection Law of the Kingdom of Saudi Arabia (PDPL) requirements and global standards.
• Internal and external reporting of compliance KPIs.
• Provide support and advice regarding all aspects of Personal Data Protection, including contributing to developing policies and internal procedures related to Personal Data protection.
• Participate in awareness activities, training, and transfer of knowledge regarding Personal Data protection and compliance with provisions of the Law, Regulations, and ethics of data handling.
• Contribute to reviewing plans of response to Personal Data Breach incidents, ensuring that such plans are adequate and effective.
• Prepare periodic reports regarding activities related to the processing of Personal Data and provide recommendations to ensure compliance with provisions of the Law and its Regulations.
• Maintain the confidentiality of Personal Data and its level of sensitivity based on its classification and relevant regulatory requirements to determine the adequate level of protection and processing mechanism.
• Monitor the SDAIA’s issued laws, regulations, and instructions, implement any amendments, and inform relevant departments to ensure compliance.
• Collaborate with individuals responsible for implementing activities related to AI ethics to ensure compliance with Personal Data Protection and Data Subjects’ privacy.

Qualifications

• Bachelor’s degree in Law or equivalent qualification.
• 3+ years working experience in data protection, preferably in a regulated entity in Saudi Arabia or the MENA region.
• Certified expertise on data protection and AI legislation, with solid knowledge of information security practices (IAPP CIPP, S-CDPO, CISSP or similar industry-standard certifications are a plus).
• Proven track record of implementing compliance requirements and managing privacy projects.
• Deep understanding of the interrelations between law and technology (previous experience in the online tech industry is welcomed).
• Experience in investigating potential privacy incidents, determining reporting requirements, and developing risk-based corrective action plans.
• Strong negotiation skills in interactions with supervisory authorities.
• Sufficient knowledge of Personal Data breach risks.
• Sufficient knowledge of regulatory measures for Personal Data protection and other relevant organizational measures for performing DPO tasks.
• Honesty and integrity, and not having been convicted of any offense involving dishonesty or breach of trust.
• Written and spoken fluency in Arabic and English are required.