About Us:

Nation Media Group PLC is the largest independent media and digital content company in East and Central Africa. It has a global digital footprint as well as newspapers, television and radio broadcasting operations in Kenya, Uganda, Tanzania, and Rwanda. We attract unparalleled global audiences and see great opportunities in quality and diverse content that inform, educate, and entertain consumers beyond news. We are committed to empowering Africa through independent journalism, founded on key values that enable us to provide highly desirable and engaging content that fits into people's lives.

Our Commitment to Our Employees:

We envision to be the Media of Africa for Africa. Our mission is to positively influence society by providing media that informs, educates, and entertains.

At NMG, we believe in equal employment opportunities and that all voices should be heard. We strive to provide a supportive workplace with good facilities and benefits for all our employees. Our values are: Continuous Improvement & Innovation, Consumer Focus, We Are a Team, Integrity & Trust, and Drive for Performance.

Role Overview:

The Data Protection Officer (DPO) is responsible for overseeing data protection strategy, compliance, and governance across all Nation Media Group operations in Kenya, Uganda, and Tanzania. The role ensures that NMG's collection, storage, processing, and sharing of personal data complies with regional and international data protection laws including Kenya's Data Protection Act (2019), Uganda's Data Protection and Privacy Act (2019), Tanzania's Personal Data Protection Act (2022), and the EU's GDPR where applicable.

The DPO will act as the trusted advisor on privacy and data governance within the Technology Department and across business units, ensuring that privacy and security are embedded in all NMG products, platforms, and processes.

Key Responsibilities

Governance, Compliance and Policy

• Develop, implement, and maintain NMG's data protection and privacy framework across Kenya, Uganda, and Tanzania. Monitor compliance with applicable data protection legislation, corporate policies, and global best practices. Serve as the primary contact point for Data Protection Authorities in all three markets. Maintain and update the organization's Record of Processing Activities. Conduct regular data protection impact assessments and recommend mitigating actions. Lead internal and external audits to assess compliance with data protection requirements. Draft, review, and update privacy policies, cookie policies, data-sharing agreements, and retention schedules.

Advisory and Awareness

• Advise management and staff on data protection obligations and best practices.
• Train and sensitize employees across all levels on data privacy, consent, and safe data handling.
• Embed privacy-by-design principles in new digital products, apps, and data systems.
• Provide expert advice on data breaches, including notification requirements and incident handling

Incident and Risk Management

• Manage and investigate data breaches or privacy incidents, coordinating response and mitigation. Liaise with cybersecurity and legal teams to ensure coordinated incident resolution. Develop and maintain a data breach response plan and report key incidents to the CIO and Group Executive. Conduct regular privacy risk assessments and ensure remediation of identified issues

Cross-Functional & Regional Collaboration

• Collaborate with legal, IT security, data analytics, product development, and editorial teams to ensure compliance across NMG platforms. Harmonize privacy practices and data governance standards across NMG's regional subsidiaries. Support digital transformation initiatives by ensuring ethical and compliant use of audience data for personalization, advertising, and analytics.

Qualifications Experience & skills:

Education:

• Bachelor's degree in Law, Computer Science, Information Systems, Data Science, or related field.
• Certification in Data Protection / Privacy (e.g., CIPP/E, CIPM, CDPO-K, or ISO 27701 Lead Implementer) is strongly preferred.

Experience:

• At least 3-5 years of relevant experience, with a minimum of 3 years in a data protection, compliance, or information security role.
• Proven experience implementing data protection programs in multi-country or media/digital environments.
• Familiarity with regional and international data protection frameworks (Kenya, Uganda, Tanzania, GDPR).
• Understanding of IT systems, cloud platforms, cybersecurity principles, and data analytics environments

Health Insurance, Life Insurance, Dental Insurance, Disability Insurance, Paid Vacation, Paid Sick Leave, Vision Insurance

• Develop, implement, and maintain NMG's data protection and privacy framework across Kenya, Uganda, and Tanzania. Monitor compliance with applicable data protection legislation, corporate policies, and global best practices. Serve as the primary contact point for Data Protection Authorities in all three markets. Maintain and update the organization's Record of Processing Activities. Conduct regular data protection impact assessments and recommend mitigating actions. Lead internal and external audits to assess compliance with data protection requirements. Draft, review, and update privacy policies, cookie policies, data-sharing agreements, and retention schedules.
• Advise management and staff on data protection obligations and best practices.
• Train and sensitize employees across all levels on data privacy, consent, and safe data handling.
• Embed privacy-by-design principles in new digital products, apps, and data systems.
• Provide expert advice on data breaches, including notification requirements and incident handling.
• Manage and investigate data breaches or privacy incidents, coordinating response and mitigation. Liaise with cybersecurity and legal teams to ensure coordinated incident resolution. Develop and maintain a data breach response plan and report key incidents to the CIO and Group Executive. Conduct regular privacy risk assessments and ensure remediation of identified issues.
• Collaborate with legal, IT security, data analytics, product development, and editorial teams to ensure compliance across NMG platforms. Harmonize privacy practices and data governance standards across NMG's regional subsidiaries. Support digital transformation initiatives by ensuring ethical and compliant use of audience data for personalization, advertising, and analytics.

• Proven experience implementing data protection programs in multi-country or media/digital environments.
• Familiarity with regional and international data protection frameworks (Kenya, Uganda, Tanzania, GDPR).
• Understanding of IT systems, cloud platforms, cybersecurity principles, and data analytics environments.

• Bachelor's degree in Law, Computer Science, Information Systems, Data Science, or related field.
• Certification in Data Protection / Privacy (e.g., CIPP/E, CIPM, CDPO-K, or ISO 27701 Lead Implementer) is strongly preferred.