- The hiring frenzy has been increasing sharply since last year after the Data Protection Act that was signed in November 2019 took effect.
- Job listings for the hitherto rare data protection officer (DPO) and analytics officer had shot up sharply especially by firms in data-rich sectors such as tech, digital marketing, finance, healthcare, and retail.
- Jubilee Insurance, I&M Bank, Old Mutual, and the Kenya Revenue Authority (KRA) are among the many organisations working to fill the position.
Data protection and analytics officer has become the hottest tech job in Kenya as corporates scramble to hire software and privacy experts in a race to comply with a new law that has shaken up personal data security rules in the country.
The hiring frenzy has been increasing sharply since last year after the Data Protection Act that was signed in November 2019 took effect.
The law sets out restrictions on how personally identifiable data obtained by firms and government entities can be handled, stored, and shared.
Firms found to be in breach of the law face a steep penalty of up to Sh5 million or one percent of a company’s preceding year annual turnover—whichever is lower.
Spooked by this, corporates in Kenya that collect large amounts of customer data are caught in a fever-pitch race to clean up the data systems to avoid such punitive penalties.
A spot check by Business Daily showed that job listings for the hitherto rare data protection officer (DPO) and analytics officer had shot up sharply especially by firms in data-rich sectors such as tech, digital marketing, finance, healthcare, and retail.
“Data security skills are coming in high demand as firms such as banks move to ensure the data they have does not fall in wrong hands because if it does, the penalties under the Data Protection Act are quite huge,” Habil Olaka, chief executive officer of the Kenya Bankers Association (KBA), said.
Industry inquiries showed that insurance and tech firms have also stepped up a chase for the signatures of the now most sought-after workers— triggering a jobs boom for software and privacy experts in an environment where overall hiring has remained subdued due to the economic fallout of Covid-19.
Jubilee Insurance, I&M Bank, Old Mutual, and the Kenya Revenue Authority (KRA) are among the many organisations working to fill the position.
Section 24 of the Act allows data controllers and data processors to appoint a data protection officer who may be a staff member whose role includes advising on compliance with the Act.
All entities whose core activities entail substantial monitoring or processing of personal data have been forced to hire experts to avoid privacy breaches that could lead to hefty fines.
A DPO is expected to assist these companies to carry out data audits to ensure they comply with privacy laws.
“The purpose of this role is to establish, implement and enforce a robust group-wide data protection and compliance framework and systems, to ensure that the different companies within Jubilee Insurance are compliant with the Data Protection Act and Regulations,” said Jubilee last month in a job advert.
Firms also want the DPOs to train employees on data privacy and help companies to refresh their data privacy policies.
Additionally, the DPOs will be key persons for communication between the company and those lodging complaints about how their data is being used.
Kenya’s latest experience mirrors that of the European Union which in 2018 experienced a boom in the hiring of data privacy professionals in response to the sweeping data privacy rules introduced by the General Data Protection Regulation (GDPR). More than 30,000 DPOs were hired in Europe since GDPR requires that DPOs assist their companies on data audits for compliance with privacy laws.
The strong demand for data protection skills means firms are willing to pay a premium to get the best talent as was the case with risk management and information technology professionals in the past.
“When the skill comes in high demand and is not sufficiently available, the market dynamics mean firms may have to pay a premium. But as more training happens, this will normalise,” said Mr Olaka.
Those companies who have DPOs, meanwhile, are braced for poaching.
But Bitange Ndemo, a professor of entrepreneurship at the University of Nairobi’s School of Business, warns that firms should be careful not to strangle the potential of data analytics in the name of complying with data protection laws.
“Firms may end up hiding data which is not necessarily for hiding but needs to be used for some good. Worldwide, businesses are changing their models because of data and firms cannot afford to collect such data and just guard it,” he said.
The Data Protection Act requires data controllers and processors both in Kenya and abroad ensure that all personal data is processed lawfully, fairly, and in a transparent manner. They are also required to inform clients on the use of personal data and correct or delete any false representations about them. The law also guarantees special safeguards for sensitive data such as one’s marital status, sexual orientation, health status and ethnicity.