4
Job Description
Reporting to the Cluster General Manager, responsibilities and essential job functions include but are not limited to the following:
- Ensure compliance with Kenya’s Data Protection Act (2019), GDPR (where applicable), and Accor Group Data Protection policies.
- Serve as the main point of contact between the hotel cluster and the Office of the Data Protection Commissioner (ODPC) and other relevant regulatory authorities.
- Monitor changes in data protection legislation and update policies accordingly.
- Develop, implement, and maintain internal data protection policies and procedures.
- Conduct regular audits and assessments of data processing activities across departments (Front Office, Reservations, IT, Finance, Sales & Marketing, etc.).
- Ensure all departments adhere to approved data handling and processing protocols.
- Develop and deliver ongoing training programs for employees on data privacy, confidentiality, and best practices.
- Promote a culture of data privacy and security across both properties.
- Evaluate and advise on the data protection impact assessments (DPIAs) for new projects or technologies involving personal data.
- Respond to and manage data breaches in accordance with internal protocols and regulatory requirements.
- Maintain a data breach register and report incidents to management within statutory timelines.
- Work closely with Front Office, Reservations, HR, IT, Marketing, and third-party vendors to ensure data processing activities comply with privacy regulations.
- Maintain a data processing inventory and ensure accurate recordkeeping of guest and employee data practices.
- Facilitate and manage all requests relating to the rights of data subjects (access, correction, erasure, restriction, etc.).
- Maintain records of all such requests and ensure timely and compliant responses.
- Liaise with Accor regional DPOs and Regional teams to ensure alignment with global policies.
- Prepare regular compliance reports for the Cluster General Manager.
- Collaborate with IT and Security teams to ensure technical safeguards are adequate and up to date.
Qualifications
- Bachelor’s degree in Law or relevant degree in Information Security or Technology, Data Governance, or a related field.
- Certified Data Protection Officer (CDPO), CIPP/E, CIPM, or other relevant certification is an asset.
- Minimum 3 years of experience in IT Department /Data protection, compliance, legal, or risk management—preferably in hospitality or multinational settings.
- Strong knowledge of Kenyan Data Protection Act 2019, GDPR, and international data privacy frameworks.
- Experience conducting data audits, managing privacy impact assessments, and handling data breaches.
Additional Information
Physical Aspects of Position (include but are not limited to):
- Constant standing and walking throughout shift
- Frequent standing and walking throughout shift
- Occasional lifting and carrying up to 30 lbs
- Occasional kneeling, pushing, pulling, lifting
- Occasional ascending or descending ladders, stairs and ramps
