Data Protection Officer

About the job

Who We Are

RAK Ceramics

The Role

The Data Protection Officer (DPO) ensures RAK Ceramic’s compliance with global data privacy regulations, across various countries, e.g., European GDPR, UAE Data Protection Law, USA data protection rules, Saudi Arabia’s PDPL, India’s Digital Personal Data Protection (DPDP) Act, Bangladesh data protection rules etc. This role is a central management role for addressing data protection risks and building trust with regional stakeholders. Reporting to the Head of Information security, the DPO will advise teams, oversee global data privacy programs, handle regulatory communication, and lead compliance audits and staff training. With at least 5 years of experience in this field, the ideal candidate will have a strong understanding of international data laws and the ability to drive a culture of privacy across the organization.

What You Will Be Doing

• Act as the organization’s subject matter expert on data protection and privacy laws across relevant jurisdictions.
• Prepare, draft and implement data processing agreements, policies and frameworks
• Ensure full compliance with international and local data protection regulations.
• Design and implement data protection policies, frameworks, and controls.
• Serve as a liaison with supervisory authorities and stakeholders.
• Advocate a company-wide culture of data privacy and accountability
• Develop, review, and update the organization’s data protection policies and practices in line with evolving laws.
• Monitor and assess compliance with data protection legislation in each country where RAK Ceramics operates, e.c., the EU (GDPR), USA, UAE, KSA, Bangladesh, India etc.
• Conduct regular internal audits and data protection impact assessments (DPIAs).
• Collaborate with IT, Legal, HR, and other business units to embed privacy by design into processes and systems.
• Respond to and manage data subject access requests (DSARs), breaches, and complaints in coordination with legal and technical teams.
• Develop and lead training sessions on data protection awareness for staff across regions.
• Maintain and update Records Of data Processing Activities (ROPA) as required by applicable laws.
• Act as the primary contact point for data protection authorities and external stakeholders.

What We Are Looking For

Some of the key competencies required for the role include:

Functional

Data and Risk Management

• Experience of having dealt with regulatory authorities on “data privacy matters”
• Data classification and handling procedures
• Data retention and disposal schedules
• Personal data inventory and data flow mapping
• Data Protection Impact Assessments (DPIAs)
• Third-party/vendor data processing and contract compliance
• Preparation of Organizational Policies and Practices
• Data Governance and Risk Management
• Data classification and handling procedures
• Data retention and disposal schedules
• Personal data inventory and data flow mapping
• Data Protection Impact Assessments (DPIAs)
• Third-party/vendor data processing and contract compliance
• Organizational Policies and Practices

Information Security & Privacy Policy

• Acceptable Use and Access Control Guidelines
• Data Breach Response Plan and Notification Protocol
• Incident Handling and Reporting Procedures
• Record of Processing Activities (ROPA) documentation
• Employee Awareness and Operational Conduct

Employee data handling and confidentiality guidelines

• Consent collection and processing protocols
• Bring Your Own Device (BYOD) and remote work data usage
• Guidelines for customer service and marketing departments on lawful data use
• Privacy by Design and Default principles integration

Monitoring, Audit, and Reporting

• Internal audit checklists for data protection compliance
• Metrics and KPIs for privacy program effectiveness
• Reporting templates for regulatory authorities
• Guidelines for responding to Data Subject Access Requests (DSARs)

Behavioural

• Stakeholder management and Leadership Influence
• Problem-Solving & Critical Thinking
• Proactive & Strategic Thinking
• Communication & Collaboration
• Attention to Detail
• Decision-Making Under Pressure
• Adaptability & Continuous Learning
• Ethical Responsibility

Our Ideal Match

• A Bachelor’s degree in related field and Master’s Degree is Ideal.
• 10 to 14 years of experience including minimum 5 to 8 years in Data Protection role.
• Data Protection Laws of various countries like UAE, KSA, EU (GDPR), USA, IN (DPDP) etc.
• ISMS (ISO 27001/NIST)

RAK Ceramics is an Equal Opportunity Employer.

We do not discriminate on the basis of race, colour, religion, gender, nationality, disability, age, or marital status.