Job Description

About the role:

• The Data Privacy & Protection Officer will support the Compliance Team in implementing and maintaining TeamApt’s Data Protection framework in compliance with the Nigeria Data Protection Act (NDPA) 2023, GAID, and other relevant Data Privacy regulations.
• The role provides day-to-day oversight in monitoring Data Processing activities, handling customer privacy rights requests, conducting awareness training, and supporting privacy risk management across TeamApt’s operations.

What you’ll get to do:

Compliance & Governance:

• Responsible for developing, implementing, and monitoring adherence to Data Privacy policies, procedures, and controls, including NDPA 2023, CBN regulations, and NDPC directives
• Ensures that all obligations are met with respect to lawful processing, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.
• Maintain and regularly update the Record of Processing Activities (RoPA) and oversee the NDPC Data Protection Compliance Audit.

Data Subject Rights & Requests Management:

• Coordinate and ensure timely, compliant responses to all Data Subject Access Requests (DSARs) and other individual rights requests.
• Manage data subject rights requests- including access, rectification, erasure, restriction, objection, and portability within statutory timelines.
• Develop and enforce the organisation's Data Protection Policy, Privacy Notice, Cookie Policy, Retention Policy, and all supporting privacy documentation.

Data Protection Impact Assessments (DPIA) & Risk Management:

• Conduct and review DPIAs for new products, systems, and vendors. 
• Facilitate the identification and mitigation of Data Protection/Privacy risks and ensure technical measures are in place in collaboration with IT and Risk teams.

Training, Awareness & Capacity Building:

• Execute privacy awareness campaigns and training across departments, including developing and maintaining learning materials.
• Monitor and interpret changes in Nigerian and International Data Protection laws

Third-Party Management:

• Oversee third-party data processor due diligence, ensure Data Processing Agreements (DPAs) are in place with all vendors and partners, and manage ongoing compliance of processor relationships.
• Maintain the Vendor Data Processing Register and support contract reviews for privacy clauses.

Incident Management & Reporting:

• Manage data breaches, maintain incident Registers and participate in post-incident reviews.
• Manage data breach response (documentation, investigation, regulatory reporting to NDPC within statutory timelines). 
• Ensure personal data elements are adequately protected within the organisation's security architecture, including encryption at rest and in transit, access controls, tokenisation of sensitive payment data, and audit logging
• Provide data protection oversight for the organisation's Business Continuity Planning (BCP) and Disaster Recovery (DR) programmes, ensuring personal data recoverability and minimised data loss objectives

Regulatory Engagement:

• Prepare reports, documentation, and responses for the NDPC, and other regulators, also coordinate responses to NDPC’s notices, directives, and audits.
• Serve as a representative in all regulatory engagements with the NDPC, NITDA, NCC and other data-related matters.
• Manage and maintain all associated registrations, filings, renewals, and regulatory correspondence.

Eligibility:

• Bachelor’s Degree in Law, Information Technology, Computer Science, or related fields
• 7–10 years of experience in Data Protection, IT GRC, Compliance, or Cybersecurity, preferably within financial services or regulated institutions.
• Professional certification like CIPP/E, CDPO or CIPM from accredited issuing bodies.
• Sound knowledge of the Nigeria Data Protection Act (NDPA 2023), NDPC Regulations, CBN IT Standards, and global Data Protection frameworks (e.g., GDPR).
• Strong analytical, communication, and stakeholder management skills