Legal Officer - Data Protection at PalmPay Limited

PalmPay is a pan-African fintech company currently operating in Nigeria, Ghana, Kenya, Uganda, and Tanzania and expanding to other markets this year. We’re reinventing the payments experience by making it easy and reliable for everyone to transfer money, pay bills and shop online.

We are recruiting to fill the position below:

Job Title: Legal Officer - Data Protection

Location: Lagos
Employment Type: Full-Time
Career level: Mid Level

Job Description

• We are seeking a highly motivated and experienced Data Protection Officer (DPO) with a legal background to join our dynamic team in Nigeria. 
• This mid-senior level role will be crucial in ensuring the company's compliance with all applicable data protection laws and regulations, particularly the Nigeria Data Protection Act (NDPA) and other relevant international standards. 
• The DPO will be responsible for developing, implementing, and maintaining a robust data protection framework, advising on data protection matters, and acting as the primary point of contact for data subjects and regulatory authorities. 
• The ideal candidate will be a qualified lawyer with a strong understanding of data protection principles and practices, excellent communication and stakeholder management skills, and a proactive approach to risk management.

Key Responsibilities
Developing and Implementing Data Protection Policies and Procedures:

• Develop, implement, and maintain comprehensive data protection policies, procedures, guidelines, and training materials in line with the NDPA and other relevant regulations.
• Ensure these policies and procedures are effectively communicated and implemented across all relevant departments.

Monitoring Compliance:

• Monitor compliance with data protection laws, regulations, and internal policies and procedures.
• Conduct regular data protection impact assessments (DPIAs) and advise on data protection risks and mitigation strategies.
• Maintain records of processing activities (RoPA) in accordance with legal requirements.

Providing Legal and Regulatory Advice:

• Provide expert legal advice and guidance to the organization on all aspects of data protection law and practice.
• Stay abreast of developments in data protection legislation and best practices, and proactively advise on their implications for Palmpay.

Data Subject Rights Management:

• Serve as the primary point of contact for data subjects exercising their rights under the NDPA (e.g., access, rectification, erasure, restriction).
• Develop and implement procedures for handling data subject requests in a timely and compliant manner.

Data Breach Management:

• Develop and implement a data breach response plan.
• Manage and investigate data security incidents and breaches in accordance with legal requirements, including notification to relevant authorities and data subjects.
• Recommend and implement remedial actions to prevent future breaches.

Liaising with Regulatory Authorities:

• Act as the primary point of contact for the Nigeria Data Protection Commission (NDPC) and other relevant regulatory authorities on data protection matters.
• Cooperate with and respond to inquiries and investigations from regulatory authorities.

Training and Awareness:

• Develop and deliver data protection training and awareness programs for employees across all levels of the organization.
• Promote a culture of data privacy and security within Palmpay.

Vendor Management:

• Review and advise on data processing agreements with third-party vendors to ensure compliance with data protection requirements.
• Monitor the data protection practices of third-party processors.

Internal Audits and Reviews:

• Conduct internal audits and reviews of data processing activities to ensure compliance and identify areas for improvement.
• Report findings and recommendations to relevant stakeholders.

Collaboration and Stakeholder Management:

• Collaborate effectively with various internal departments, including Legal, Compliance, IT Security, Product, and Customer Support, on data protection matters.
• Build strong working relationships with key stakeholders across the organization.

Qualifications and Experience

• Candidates should possess a Bachelor's Degree in Law (LLB) required.
• Admission to the Nigerian Bar is mandatory.
• Minimum of 4+ years of relevant experience in data protection law and practice, preferably within the financial services or technology sector.
• Proven experience in developing and implementing data protection policies and procedures.
• Strong understanding of the Nigeria Data Protection Act (NDPA) and other relevant data protection principles and international standards (e.g., GDPR).
• Experience in conducting Data Protection Impact Assessments (DPIAs).
• Experience in managing data subject rights requests and data breach incidents.
• Familiarity with information security principles and practices.
• Excellent legal drafting, analytical, and problem-solving skills.
• Strong communication, presentation, and interpersonal skills, with the ability to explain complex legal concepts to non-legal audiences.
• Ability to work independently and as part of a team.
• High ethical standards and a strong commitment to data privacy.

Preferred Qualifications:

• Relevant certifications in data privacy (e.g., CIPP/E, CIPM).
• Experience working with regulatory authorities in Nigeria.
• Experience in the FinTech industry.

Application Closing Date
Not Specified.

How to Apply
Interested and qualified candidates should:
Click here to apply online