Senior Manager, Data Privacy and Regulatory Compliance
To lead the implementation, monitoring, and continuous improvement of data privacy, protection, and regulatory compliance frameworks across Mediclinic Middle East, ensuring alignment with applicable UAE data protection laws, EU GDPR requirements, and organisational governance standards. The role fulfils the responsibilities of the Data Protection Officer (DPO) and provides strategic oversight, advisory support, and assurance to the business on privacy and compliance matters.
Key Responsibility Areas
Privacy and Data Protection – Implement, monitor and ensure compliance with and governance of all aspects of the privacy and data protection framework
- Maintain and improve the data protection framework including policies and procedures to ensure compliance with applicable laws such as UAE PDPL, DIFC DPL, ADGM DPR, EU-GDPR and regulations, policies and standards from healthcare regulators such as ADHICS
- Monitor legislative and regulatory developments on privacy, data protection and other data and cyber laws and lead the implementation of requirements
- Establish and participate in appropriate governance structures in a 2nd-line-of-defence role, and align with other relevant governance stakeholders such as Information Security, Legal, Risk and Internal Audit
- Design, drive and maintain privacy and data protection programs and standards to ensure a consistent practice and a continuous growth of data protection maturity in the company
- Inform senior key stakeholders about data protection responsibilities, risks and related issues
- Maintain an accountability framework for privacy and data protection, including Senior Management, Data Owners, Data Privacy Champions and other roles
- Act as the official Data Protection Officer (DPO) for Mediclinic Middle East and its subsidiaries
- Guide the business on all privacy, data protection and related matters and contribute as subject matter expert for the company
- Establish collaborative networks with internal colleagues in IT, Innovation, Operations, Business Development, Clinical and other key stakeholders to drive and assist the implementation of privacy and data protection requirements
- Manage a framework to assess and mitigate data protection risks and incidents (risk register, data protection impact assessments, personal data breaches), conduct assessments, and report issues and concerns to the relevant senior stakeholders in the company and to regulators (if applicable)
- Manage data breach incidents and support investigations and mitigation actions in cyber security and other incidents affecting personal data.
- Report data breaches to the relevant senior stakeholders in the company and to regulators (if applicable). Serve as a member of the Cyber Incident Response Team (CIRT).
- Ensure awareness and training campaigns are conducted and assist in training content development to increase awareness and understanding of and compliance with the framework and laws
- Conduct regular data protection audits and spot checks to ensure compliance and to mitigate risks, and participate as auditee in internal and external audits and inspections related to privacy, data protection and information security
- Oversee and coordinate the implementation and maintenance of legally required data processing registers
- Support the Legal department and contract owners in the review of contracts and agreements and in the implementation of data protection clauses
- Maintain oversight on data security programs and measures and collaborate and align with the Information Security (Info Sec) department in the review and implementation of safeguards and measures regarding data security, data localisation and other requirements
- Implement and maintain the Regulatory Compliance policy and drive the compliance program
- Monitor legal and regulatory developments over all applicable jurisdictions for significant developments impacting the company’s risk exposure, ownership and structure, licensing, finances and taxes, and other operations (except clinical and medical)
- Re‑assess the compliance and regulatory risks for reporting to internal stakeholders and shareholders
- Ensure…
Position Requirements
10+ years of work experience