
Data Protection Officer (DPO)
The Data Protection Officer (DPO) is responsible for ensuring the organization's compliance with applicable data protection and privacy regulations, overseeing lawful processing of personal and sensitive data, and acting as the primary liaison with regulators on data privacy matters.
KEY RESPONSIBILITIES
1. Regulatory Compliance & Governance
• Ensure compliance with UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law – PDPL), UAE Data Office regulations, and applicable CBUAE requirements.
• Develop, implement, and maintain data protection policies, standards, and procedures.
• Embed privacy governance across insurance operations including underwriting, claims, customer service, digital channels, and analytics platforms.
2. Advisory & Oversight
• Advise senior management and business units on data protection obligations and risk exposure.
• Support Privacy-by-Design and Privacy-by-Default across systems and processes.
• Review new initiatives involving personal data, cloud services, AI/ML, and third-party integrations.
3. Data Subject Rights Management
• Oversee processes for data subject access, correction, erasure, restriction, objection, and portability requests.
• Act as escalation authority for data privacy complaints and disputes.
4. Incident & Breach Management
• Lead assessment and response to data breaches and privacy incidents.
• Coordinate regulatory notifications and remediation actions within statutory timelines.
5. Risk Assessments & Documentation
• Conduct Data Protection Impact Assessments (DPIAs).
• Maintain Records of Processing Activities (RoPA).
• Identify, assess, and mitigate privacy risks across systems, applications, and vendors.
6. Third-Party & Cross-Border Data Management
• Review and approve Data Processing Agreements (DPAs).
• Ensure cross-border data transfers comply with PDPL and regulatory requirements.
7. Training, Awareness & Audit Support
• Drive organization-wide data privacy awareness and training programs.
• Support internal audits, external audits, and regulatory inspections.
8. Regulatory Liaison & Reporting
• Act as the primary point of contact with the UAE Data Office and other regulators.
• Provide periodic compliance reports to senior management and the Board.
Requirements
QUALIFICATIONS & EXPERIENCE
• Bachelor’s degree in Law, Information Security, Risk, Compliance, or related discipline.
• 8–12 years of experience in data protection, privacy, or information governance.
• Prior experience in Insurance or BFSI sector preferred.
• Experience handling sensitive, financial, and health-related personal data.
CERTIFICATIONS (Preferred)
• ISO/IEC 27001 Lead Auditor / Implementer
• CIPP/E, CIPP/A, CIPM, or equivalent privacy certifications
INDEPENDENCE & AUTHORITY
• The DPO shall operate independently and without conflict of interest.
• Direct access to senior management and the Board is mandatory.
Nice to Have
• Data breach incident management
• Data Protection Impact Assessments (DPIAs)
• Records of Processing Activities (RoPA)
• Cross-border data transfer compliance
• Training and awareness programs
• Audit support (internal, external, regulatory)
• Regulatory liaison and reporting



