Data Protection Officer

Department: Cyber Security

Employment Type: Full Time

Location: KSA

Description

Key Responsibilities

• Develop and implement data protection policies, procedures, and guidelines aligned with Saudi PDPL and international standards.
• Ensure data processing complies with PDPL, integrating data protection principles across processes.
• Establish a data governance framework for retention, deletion, and archiving in line with PDPL.
• Review and audit data activities to ensure PDPL compliance, addressing any gaps with corrective actions.
• Maintain documentation to demonstrate compliance, including risk assessments and data protection decisions.
• Guide Data Protection Impact Assessments (DPIAs) and ensure identified risks are mitigated.
• Manage data subject requests (DSARs) and complaints, ensuring timely responses and resolution.
• Develop and maintain a data breach response plan, leading investigations and notifying SDAIA when required.
• Act as the liaison with regulators, coordinating audits, inquiries, and maintaining strong relationships.
• Provide employee training on data protection responsibilities, fostering a culture of compliance.
• Advise senior management on data protection strategy, collaborating with departments to embed practices.
• Ensure compliance with data localization and minimization principles, regularly reviewing processing activities.
• Create and maintain clear, accessible privacy notices, updating them to reflect changes in data or regulations.

Skills, Knowledge and Expertise

• In-depth knowledge of the Saudi Personal Data Protection Law (PDPL) and other 
• applicable data protection regulations.
• Demonstrated experience in a similar position, ideally within regulated sectors such as finance, healthcare, or telecommunications.
• Strong grasp of data protection principles, security protocols, and privacy risk 
• management.
• Exceptional skills in communication, negotiation, and stakeholder management.
• Experience in handling data breaches, managing incident responses, and engaging with regulatory bodies.
• Relevant certifications like CIPP/E, CIPM, CIPT, or other recognized data protection 
• qualifications are preferred.
• Proficiency in both Arabic and English is highly advantageous for effective communication with local authorities and stakeholders.