Manager: Data Protection
Listing reference: capbg_000096
Listing status: Online
Apply by: 4 May 2025
Position summary
Industry: Banking
Job category: Banking, Finance, Insurance. Stockbroking
Location: North-East District
Contract: Permanent
EE position: No
Introduction
Responsible for ensuring that the bank processes personal data in a lawful and correct manner, in accordance with provisions of the Data Protection Act and good practice.
Job description
- Keep a record of all Bank Gaborone processing activities, which shall be immediately accessible to any person applying for access.
- Ensure that the data controller (Bank Gaborone) processes personal data in a lawful and correct manner and in accordance with good practice, and where there are inadequacies , these are reported to the data controller.
- Assists customers to ensure that their rights under the Act are protected.
- Reviews the adequacy of the Binding Corporate Rules and shares the findings with the Legal office for remediation.
- Provides timely notification to the Commissioner where there is contravention of rules applicable for processing personal data.
- Continuous engagements with the Commissioner on implementing rules of processing personal data as per the Act.
- Maintains an inventory and records for all data activities processing conducted by the Bank.
- Assesses and monitors risks emanating from processing operations.
- Works with Legal and Compliance team in the review of Data protection/ privacy processes and procedures for all third-party vendors including outsourced services.
- Take a leading role in the vendor risk assessment to ensure all contracts and SLAs have the right Data Privacy clauses
- Maintains customer request for information as per the Act’s definition of data subject's rights.
- Oversight of the bank's data protection strategy and implementation.
- Provides training to staff on the Data Protection Act and the GDPR requirements.
- Conducting independent and regular assessments/ audits to ensure the Act and GDPRs compliance.
- Liaison/ point of contact between the Bank and the Information and Data protection Commissioner.
- Informs and advises the Bank and staff who carries out processing of their obligations pursuant to the Data protection regulation
- Draft policies and other governance documentation in relation to protection of personal data and processing operations.
- Provide advice where requested as regards to the data protection impact assessment and monitor its performance.
- Monitor non-compliance and escalate any issues where non-compliance is not addressed.
- Timely revision of the DPA impact assessment to identify control weaknesses for remediation.
- Ensure that all employees are aware of the Bank`s Data Protection Policy, control mechanisms and the channel of reporting.
- Prepare monthly and quarterly reports to the Operational Risk Forum, Risk Committee, the Executive Management Team and the Board Risk and Compliance Committee.
- Timely adherence to regulatory requests by regulators and law enforcement agencies.
- Timely review of the Data Protection Policy and guidelines.
Minimum requirements
- Bachelor`s degree in Law (LLB) /Data Information/Information Technology/ Risk Management /Information Security OR any related field,
- At least 5 years’ banking experience, 2 of which should have been in the regulatory Compliance/ Legal/ Cyber Security /information technology or audit preferably in a banking environment.
- A general knowledge and understanding of Data protection and privacy legislation and other core legislations such as Banking Act, Financial Intelligence Act, and the international GDPR
- Sound knowledge of financial and Banking services will be an advantage.
- Good computer literacy /knowledge of MS Word, MS Excel and MS Outlook.
- Ability to communicate effectively, verbally and in writing, to clearly express the logically reasoned ideas.