Equity Bank Kenya is the largest subsidiary of Equity Group Holdings Plc. Incorporated in Kenya under the Companies Act (Cap 486) and licensed under the Banking Act (Chapter 488), the Bank provides comprehensive retail banking, microfinance, and related financial services. Our nationwide footprint includes 212 branches, supported by over 42,600 agents, 27,300 merchants, more than 1 million Pay with Equity (PWE) merchants, and 345 ATMs. Equity Bank Kenya’s shares are listed on the Nairobi Securities Exchange, reinforcing our commitment to transparency and market leadership.
Our diversified business spans banking, insurance, technology and social enterprise, enabling us to deliver integrated solutions that drive inclusive growth at scale. Our business model is anchored on a distinctive Tri-Engine framework— Social, Economic and Sustainability, which systematically strengthens value-chains, empowers communities and delivers long-term social and economic impact.
Our purpose, “Transforming lives, giving dignity, and expanding opportunities for wealth creation,” guides every our strategic decision. We are driven by a bold vision “to be the champion of the socio-economic prosperity of the people of Africa,” and this ambition is embedded in our culture through our core values of professionalism, integrity, creativity and innovation, teamwork, unity of purpose, respect and effective corporate governance (PICTURE).
Our growth and impact agenda is clearly defined and operationalized through the Africa Recovery and Resilience Plan (ARRP), which serves as the strategic blueprint for sustainable expansion and long-term value creation across the continent.
ROLE PURPOSE
The ideal candidate will be an expert in global data protection laws and will be responsible for ensuring the organization processes personal data in a compliant and ethical manner. A key challenge will be to create a framework that enables lawful data sharing across our various business licenses and jurisdictions to create a seamless customer onboarding experience ("One Customer View") while upholding the highest standards of data privacy and security.
Key Responsibilities
Strategy and Governance
Develop, implement, and maintain the EBKL’s data protection strategy, policies, standards, and procedures. Establish a Bank-wide data governance framework, creating a central authority for all data protection matters. Serve as the primary point of contact for data protection authorities and other regulators on data. Advise the Board and senior management on data protection and privacy matters, ensuring they are informed of their obligations, risks, and the strategic implications of regulatory changes. Oversee the creation and maintenance of a comprehensive data inventory and data flow maps for all personal data processed by EBKL and its third-party ecosystem.
Compliance and Risk Management
Monitor compliance with all relevant data protection laws (e.g., GDPR, Kenya Data Protection Act, etc.) and internal policies. Conduct and oversee Data Protection Impact Assessments (DPIAs) for new products, systems, and business processes, especially those involving data sharing across licenses (e.g., sharing bank KYC data with the insurance arm). Develop and manage a comprehensive record of all data processing activities (ROPA). Establish a framework for managing and responding to data subject requests (e.g., access, rectification, erasure) in a timely and compliant manner. Act as the primary point of contact for all data protection authorities and regulators on data matters. Ensure all necessary registrations and notifications are made to the relevant data protection authorities. Oversee the management and review of data subject rights requests (e.g., access, rectification, erasure) to ensure they are handled efficiently and in compliance with the law. Identify, assess, and mitigate data protection risks across EBKL, and its third-party ecosystem. Ensure that third-party contracts and data sharing agreements have adequate data protection clauses and that due diligence is performed on all partners handling personal data.
Data Sharing Enablement
Design and implement legal and technical mechanisms to facilitate lawful and secure data sharing between EBKL and its stakeholders including third parties, stakeholders and related entities. Review the Intra-Group Data Sharing Agreements that clearly define the purpose, legal basis, and safeguards for sharing customer data to reduce onboarding friction. Advise the business on data anonymization, pseudonymization, and other privacy-enhancing techniques to minimize risk while achieving business objectives.
Incident Management
Develop and manage EBKL data breach incident response plan. Lead the investigation, mitigation, and reporting of any data breaches or privacy incidents in collaboration with IT security and legal teams. Develop and implement a data breach response plan and lead the investigation and reporting of any personal data breaches.
Training and Awareness
Develop and roll out a mandatory data protection training program for all employees and contractors across the Bank. Promote a culture of "privacy by design" and data protection awareness throughout the organization. Provide expert advice and guidance to business units (Banking, Insurance, Mobile Payments, Foundation) on data protection best practices for their specific operations. Work closely with IT and Information Security teams to ensure that appropriate technical and organizational measures are in place to protect personal data. Establish metrics and reporting mechanisms to monitor the effectiveness of the data protection program and report on compliance to senior management and the Board. Partner with Group and other stakeholders in the engagement with regulators on draft regulations, providing insightful input to shape a practical and effective data protection framework.
Qualifications
Academic Qualifications And Experience
Bachelor's degree in Law, Information Technology, or a related field. A Master's degree is a plus. Professional certification in data protection and privacy (e.g., CIPP/E, CIPT, CIPM, FIP) is required. Minimum of 8-10 years of experience in a senior data protection role, preferably within a multi-jurisdictional financial services or technology organization. Expert knowledge of major global data protection regulations (especially GDPR and African data protection laws) and their practical application. Demonstrated experience in developing and implementing enterprise-wide privacy frameworks. Strong understanding of IT security controls and privacy-enhancing technologies.
Key Competencies & Skills
Expert Knowledge: In-depth knowledge of international data protection principles and regulations (e.g., GDPR) and specific knowledge of key African data protection laws. Demonstrated experience in developing and implementing enterprise-wide privacy frameworks. Strategic Thinking: Ability to develop and execute a long-term vision for data protection that aligns with the business Strategic objectives. Leadership & Influence: Strong leadership skills with the ability to influence and build consensus among senior executives, business leaders, and external stakeholders. Communication: Exceptional communication and interpersonal skills, with the ability to articulate complex legal and technical concepts to a non-expert audience. Stakeholder Management: Proven ability to build and maintain strong relationships with internal stakeholders, regulators, and industry bodies. Analytical & Problem-Solving Skills: Strong analytical skills to assess risks, interpret regulations, and develop pragmatic solutions. Integrity & Professionalism: High level of integrity and professional ethics.
Organization
Equity Group Holdings
Employment Type
Regular
Job Level
Team Leader
Job Shift
Day Job
Job Posting
May 20, 2026, 8:33:16 AM
Show more
Show less