Data Privacy Officer
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Al Ahli Bank seeks a Data Privacy Officer to execute personal data protection requirements, maintain privacy compliance evidence, and coordinate with business, IT, cybersecurity, legal, and vendors.
Key Skills for This Role
Responsibilities
- Receive, validate, document, and coordinate responses to data subject requests
- Prepare and maintain privacy notices and consent records
- Create, maintain, and update records of processing activities
- Conduct and document privacy impact assessments
- Maintain personal data inventory and coordinate classification
- Review data sharing requests and prepare agreements
- Maintain cross border transfer register and conduct risk assessments
- Review third party and processor privacy compliance
- Coordinate breach analysis and notification
- Conduct privacy awareness activities and maintain training evidence
Requirements
- Experience in data privacy or related compliance role
- Knowledge of data protection regulations and frameworks
- Strong documentation and organizational skills
- Ability to coordinate with multiple stakeholders
Full Job Posting
Role Summary
- The Data Privacy Officer is the operational owner responsible for executing personal data protection requirements.
- The role maintains the privacy compliance evidence base, coordinates with business, IT, cybersecurity, legal, procurement, and vendors, and ensures that processing activities, data subject requests, privacy impact assessments, breaches, disclosures, processor activities, and cross border transfers a
Data Subject Rights and Communication Channels
- Receive, validate, document, and coordinate responses to data subject requests including access, copy, correction, update, completion, destruction, and consent withdrawal.
- Ensure requests are acted upon within the required timelines and that extensions, refusals, and justifications are documented.
- Verify requester identity before executing rights requests and maintain records for oral and written requests.
- Operate or coordinate approved communication channels for data subject rights such as email, SMS, national address, electronic applications, or other lawful channels.
Privacy Notices, Consent, and Marketing Controls
- Prepare and maintain privacy notices that explain controller identity, contact details, processing purposes, legal basis, retention periods, rights, consent withdrawal, and whether processing is mandatory or optional.
- Coordinate consent capture and evidence, ensuring consent is freely given, specific, documented, and separate by processing purpose where required.
- Maintain consent withdrawal procedures and coordinate cessation of processing where consent is the sole legal basis.
- Support direct marketing and advertising controls, including opt out mechanisms, sender identity disclosure, consent evidence, and immediate halt of marketing upon withdrawal.
Records of Processing Activities
- Create, maintain, and periodically update written records of personal data processing activities.
- Ensure records include controller details, DPO information where applicable, purposes, personal data categories, data subject categories, retention periods, disclosure recipients, transfers outside the Kingdom, and security measures.
- Make records available for internal review, audit, management reporting, or competent authority request.
Privacy Impact Assessment
- Conduct and document privacy impact assessments for sensitive data, linked datasets, large scale or repetitive processing, monitoring, new technologies, automated decisions, or services likely to cause serious privacy harm.
- Assess processing purpose, legal basis, data sources, recipients, geographical scope, context, proportionality, severity and likelihood of harm, and mitigating controls.
- Coordinate re assessments when processing risks remain high or proposed processing may harm data subject privacy.
- Support legitimate interest assessments where processing relies on legitimate interest, ensuring necessity, balance of interests, reasonable expectations, and exclusion of sensitive data.
Data Classification and Inventory Support
- Maintain the personal data inventory and coordinate classification activities with business and system owners.
- Support classification based on impact, sensitivity, data type, business purpose, and regulatory requirements.
- Track application of classification controls including protective marking, access, usage, storage, data sharing, retention, disposal, archival, and declassification.
- Escalate unclear or high risk classification decisions to the Chief Data Privacy Officer.
Data Sharing Operations
- Receive and review data sharing requests from internal or external parties.
- Validate purpose, legal basis, data minimization, classification, authorization, data type, preprocessing, safeguards, sharing duration, frequency, termination, and liability requirements.
- Prepare data sharing agreements or privacy schedules and coordinate approvals before data is shared.
- Maintain records of data sharing requests, decisions, agreements, controls, and evidence of implementation.
Cross Border Transfer Operations
- Maintain the register of personal data transfers or disclosures outside the Kingdom.
- Conduct transfer risk assessments where required, covering purpose, legal basis, transfer nature, geographical scope, safeguards, data minimization, potential material or moral effects, and mitigation controls.
- Validate use of approved safeguards such as standard contractual clauses, binding common rules, accreditation/certification, or other safeguards approved by the competent authority.
- Monitor transfers for changes in safeguards, sub processors, countries, transfer purpose, or regulatory conditions and escalate issues requiring halt or remediation.
Processor and Third Party Privacy Compliance
- Review third party and processor privacy questionnaires, due diligence evidence, and contractual privacy clauses.
- Ensure processor agreements define processing purpose, personal data categories, processing duration, breach notification duties, foreign regulatory exposure, mandatory disclosures, sub processors, and data destruction/return requirements.
- Track processor and sub processor approvals, objections, assurance reviews, and remediation actions.
- Coordinate periodic processor compliance assessments and maintain evidence.
Personal Data Breach and Incident Support
- Coordinate with cybersecurity and incident response teams to identify whether a security incident qualifies as a personal data breach.
- Prepare breach analysis including time/date/circumstances, data categories, number of affected data subjects, type of personal data, risks, actions taken, future mitigation, and contact details.
- Support notification to the competent authority within the required timeframe where applicable.
- Prepare data subject notification content in simple and clear language where the breach may harm data subjects or conflict with their rights or interests.
- Maintain breach reports, corrective actions, supporting evidence, and lessons learned.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at البيت الأهلي للتمويل
Senior Customer Care
Jiddah, KSA
We are seeking a Senior Customer Care specialist to manage and analyze complaints, ensure quality reports, and improve performance. You will handle complaints via E-SAMA, prepare analytical reports, and support the conta
Sales Consultant ( Ijarah )
Jiddah, KSA
البيت الأهلي للتمويل seeks a Sales Consultant for Ijarah (Islamic leasing) to assess creditworthiness, process financing applications, and visit clients. The role involves sales, client relationship management, and achie
AP senior Accountant Insurance
Jiddah, KSA
Job Title; AP senior Accountant Insurance Responsible for insurance-related accounting activities, reconciliations, reporting, and supporting compliance with IFRS and internal controls. Priority Responsibility/Tasks (( n
Senior Cybersecurity GRC Officer
Jiddah, KSA
Job Purpose: The Senior Cybersecurity GRC Officer is responsible for leading and executing cybersecurity governance, risk, compliance, policy management, control assessment and audit support activities. The role identifi