Job Description

The Data Protection Officer (DPO) will be responsible for leading the design, implementation, monitoring, and testing of the OpCo’s data protection and privacy compliance programme in line with applicable laws, regulatory requirements, and Airtel Group privacy standards. This role involves developing, reviewing, and strengthening privacy frameworks, policies, procedures, controls, and practices to protect personal data, manage privacy risks, and embed accountability across the business.

Data Privacy Governance

• Ensure the organization’s compliance with applicable data protection laws in Zambia and relevant internal privacy standards.
• Develop and implement internal privacy policies and procedures that align with legal requirements and industry standards , including privacy standards, guidelines, controls, and governance processes.
• Maintain and monitor the OpCo’s privacy compliance obligations register, including regulatory registrations and ongoing obligations as a data controller and/or data processor.
• Monitor regulatory developments and advise the business on applicable privacy obligations and risks.
• Support implementation of the OpCo privacy strategy and roadmap aligned with Airtel Group privacy objectives.

Data Privacy Management

• Ensure Privacy by Design and Privacy by Default principles are embedded across products, systems, and business processes.
• Collaborate with business stakeholders to ensure lawful and compliant processing of personal data across its lifecycle.
• Act as the primary point of contact for privacy incidents and personal data breaches, coordinating investigation, remediation, and regulatory reporting where required.
• Review data flows, data sharing arrangements, retention requirements, and cross-border data transfers to ensure compliance with applicable laws and standards.
• Conduct periodic privacy compliance monitoring, control testing, and readiness assessments to evaluate effectiveness of privacy controls and regulatory compliance.
• Oversee privacy compliance requirements relating to third-party processors, vendors, partners, and outsourcing arrangements.
• Conduct Data Privacy Impact Assessments (DPIAs) to identify and mitigate risks associated with data processing activities, particularly those involving personal data.

Training and Awareness

• Promote a culture of privacy compliance and accountability across the organization.
• Develop and deliver data privacy training and awareness programmes, including mandatory annual privacy training for employees, senior management, and Board members.

Reporting

• Support the preparation of Board and regulatory privacy reports.
• Prepare routine and ad-hoc compliance reports to the Risk Committee and to the Board Audit & Risk Committee.

REQUIREMENTS

Educational Qualifications & Functional / Technical Skills

• Bachelor’s Degree in Law, Business, Finance, Computer Science, or related field.
• A certification related to data privacy, such as the Certified Information Privacy Professional (CIPP), Certified Information Privacy Technologist (CIPT) or Certified Information Privacy Manager (CIPM).

Relevant Experience

• Minimum of 7 years’ relevant experience with hands-on exposure in developing, implementing, monitoring, and testing data privacy compliance program.
• Experience in telecommunications, fintech, financial services, or another regulated industry will be an added advantage.

Competencies Required For The Post

• Strong analytical skills and problem-solving skills.
• Excellent and effective communications skills, both orally and in writing
• Strong stakeholder management skills and cultural sensitivity.
• High level of integrity, confidentiality, and professionalism.
• Strong understanding of data protection laws, privacy governance, and compliance frameworks.
• Ability to prepare clear and concise management reports and briefings.

• Ensure the organization’s compliance with applicable data protection laws in Zambia and relevant internal privacy standards.
• Develop and implement internal privacy policies and procedures that align with legal requirements and industry standards , including privacy standards, guidelines, controls, and governance processes.
• Maintain and monitor the OpCo’s privacy compliance obligations register, including regulatory registrations and ongoing obligations as a data controller and/or data processor.
• Monitor regulatory developments and advise the business on applicable privacy obligations and risks.
• Support implementation of the OpCo privacy strategy and roadmap aligned with Airtel Group privacy objectives.
• Ensure Privacy by Design and Privacy by Default principles are embedded across products, systems, and business processes.
• Collaborate with business stakeholders to ensure lawful and compliant processing of personal data across its lifecycle.
• Act as the primary point of contact for privacy incidents and personal data breaches, coordinating investigation, remediation, and regulatory reporting where required.
• Review data flows, data sharing arrangements, retention requirements, and cross-border data transfers to ensure compliance with applicable laws and standards.
• Conduct periodic privacy compliance monitoring, control testing, and readiness assessments to evaluate effectiveness of privacy controls and regulatory compliance.
• Oversee privacy compliance requirements relating to third-party processors, vendors, partners, and outsourcing arrangements.
• Conduct Data Privacy Impact Assessments (DPIAs) to identify and mitigate risks associated with data processing activities, particularly those involving personal data.
• Promote a culture of privacy compliance and accountability across the organization.
• Develop and deliver data privacy training and awareness programmes, including mandatory annual privacy training for employees, senior management, and Board members.
• Support the preparation of Board and regulatory privacy reports.
• Prepare routine and ad-hoc compliance reports to the Risk Committee and to the Board Audit & Risk Committee.

• Strong analytical skills and problem-solving skills.
• Excellent and effective communications skills, both orally and in writing
• Strong stakeholder management skills and cultural sensitivity.
• High level of integrity, confidentiality, and professionalism.
• Strong understanding of data protection laws, privacy governance, and compliance frameworks.
• Ability to prepare clear and concise management reports and briefings.

• Bachelor’s Degree in Law, Business, Finance, Computer Science, or related field.
• A certification related to data privacy, such as the Certified Information Privacy Professional (CIPP), Certified Information Privacy Technologist (CIPT) or Certified Information Privacy Manager (CIPM).