Data Protection Officer

  • 1715 Idejo St, Victoria Island, Lagos, Nigeria
  • Full-time

Company Description

Eat 'N’ Go Limited is a restaurant group on a mission to become the premier food operator in Africa. So far, our growing family consists of three international brands, Domino's Pizza, Cold Stone Creamery & Pinkberry.
Eat ‘N’ Go limited officially started operation in August 2012 with the premier store at 4, Saka Tinubu Victoria Island, Lagos. Today, Eat N' Go has about 100 stores (outlet) across Nigeria and still growing.

Job Description

The DPO of Eat N Go will perform the responsibilities of a DPO as defined in Article 4.1 of the NDPR, including the following:


• Informing and advising the Company and work with the Snr. Compliance Manager to carry out data processing operations about their obligations under the NDPR and any applicable data protection laws.


• Monitoring compliance with Compliance Manager by the Company with the NDPR and any other applicable data protection provisions.


• Monitoring the strategies of the Company in conjunction with CTO & Snr. Compliance Manager for the protection of personal data, including the allocation of responsibilities, awareness-raising and training of personnel involved in the processing operations, and related verifications.


• On request, advising the Company in connection with Data Privacy Impact Assessment (DPIA) and implementations thereof, pursuant to Article 4.5 of the NDPR.


• Ensuring the cooperation of the Company with the regulatory agencies in respect of issues related to data privacy and protection.


• Serving as a contact point for the regulatory agencies on issues related to personal data processing, including prior consultation on DPIA pursuant of Article 4.5 of the NDPR and, where appropriate, advising on all other issues related to data protection and privacy; and


• Acting as a contact point for the exercise of rights of data subjects under Article 3.1 of the NDPR and advising the Company on the processing of their inquiries related to data processing activities.

• The Data Protection Officer function overlooks data protection compliance in an organisation. Maintaining records of processing of personal data, takes lead in developing data protection and related policy and procedures. The DPO becomes a bridge between related disciplines, such as data protection, IT, audit, compliance, human resources, marketing, legal and security, analysing how the results of data protection schemes may impact the organisation.

Regular review and managing the processes through which the company seeks, records, and manages the consent of Data Subjects to ensure compliance with NDPR data privacy clauses.
• Review the data privacy practices of third-party data processors periodically to assess compliance with data protection clauses in NDPR and various contracts.


• Regular training of company personnel who collect and/or process personal data on their role and responsibilities under the NDPR.


• Ensuring departments comply with development and management of documents of the various data processing activities they carry out.


• Development and management of the policy to deal with subject access requests made by Data Subjects. Monitoring and prevention of any data breaches, and detected, reported, and investigated in coordination with Cyber/network security team.

• Overseeing ENG Group NDPR/GDPR data privacy and policy framework. • Experience in dealing successfully with different business cultures and industries.

• Ensuring that data protection training of employees and company-wide are conducted annually; liaise with the training department (LOC & HR) to include same in their content for the New Team-Members Orientation (NTO).

Qualifications

· B.Sc./HND in Data Science, Information Technology

·Minimum of 5 years’ experience is required

· QSR experience is a plus

· Significant experience in global privacy laws, including drafting of privacy policies, technology provisions, and outsourcing agreements.

· Experience in IT operations and programming including attainment of information security standards certifications and privacy seal/marks.

·Demonstrated leadership skills achieving stated objectives involving a diverse set of stakeholders and managing varied projects.

·Have excellent negotiation skills to interface with NDPR on behalf of the company represented.

·Demonstrated client relationship skills to continuously coordinate with data controllers. • Communication skills to speak with a wide-ranging audience, from the board of directors to data subjects, from managers to IT staff and lawyers.

Additional Information

 Only Qualified candidates will be contacted