Data Protection Officer

Join My Clinic the leading multispecialty outpatient care provider in Saudi Arabia, where our mission to help people live longer, healthier, and happier lives drives everything we do. Since 2017, we've been at the forefront of healthcare, combining innovation with a deep commitment to care, collaboration, ambition, and responsibility. As we continue to grow and reach new heights, we're looking for passionate individuals who share our vision and values.

Job Summary:

The Data Protection Officer (DPO) will oversee and ensure compliance with the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL) for My Clinic. This role is critical in safeguarding personal data, implementing robust data protection policies, and ensuring adherence to regulatory requirements. The DPO will act as the primary point of contact for data protection matters, working closely with internal teams and external stakeholders to foster a culture of data privacy and security.

Primary Responsibilities:

• PDPL Compliance: Ensure the organization’s data processing activities comply with KSA’s Personal Data Protection Law (PDPL) and related regulations.
• Policy Development: Develop, implement, and maintain data protection policies, procedures, and guidelines to align with PDPL requirements.
• Risk Assessment: Conduct Data Protection Impact Assessments (DPIAs) to identify and mitigate risks related to personal data processing.
• Training and Awareness: Design and deliver training programs to educate employees on PDPL obligations and best practices for data protection.
• Data Subject Requests: Manage and respond to data subject requests, including access, correction, deletion, and data portability, in accordance with PDPL.
• Incident Management: Oversee the identification, investigation, and reporting of data breaches to the relevant authorities within the stipulated timeframes under PDPL.
• Stakeholder Liaison: Act as the primary point of contact for the Saudi Data and Artificial Intelligence Authority (SDAIA) and other regulatory bodies on data protection matters.
• Monitoring and Auditing: Regularly audit data processing activities to ensure ongoing compliance with PDPL and internal policies.
• Third-Party Management: Review and manage contracts with third-party data processors or controllers to ensure compliance with PDPL requirements.
• Advisory Role: Provide expert advice to senior management and business units on data protection risks and compliance strategies.

Education / Professional Qualifications:

• Education Degree: Bachelor’s degree in law, Information Technology, Cybersecurity, Business Administration, or a related field.
• Years of Experience: Minimum of 5 years of experience in data protection, privacy, or compliance roles, with at least 2 years in a managerial or advisory capacity.
• Knowledge: In-depth understanding of KSA’s PDPL, data protection principles, and international privacy regulations. Familiarity with KSA’s regulatory environment and SDAIA’s role is a plus.
• Technical Skills: Proficiency in data governance frameworks, risk assessment tools, and information security practices.
• Professional Certification: CIPM, CIPT, CIPP/E, ISO 27001 LA, or IAPP membership (highly desirable)

Experts & Skills:

• Strong analytical and problem-solving skills to assess risks and develop effective solutions.
• Excellent communication and interpersonal skills to engage with stakeholders at all levels.
• Ability to work independently and manage multiple priorities in a fast-paced environment.
• High ethical standards and integrity in handling sensitive and confidential information.
• Proactive approach to staying updated on evolving data protection laws and technologies.
• Effective verbal and written communication skills.
• Excellent analytical and problem-solving skills.
• Attention to detail.