×
Register Here to Apply for Jobs or Post Jobs. X

Data Privacy Officer

Job in Jeddah, Saudi Arabia
Listing for: البيت الأهلي للتمويل
Full Time position
Listed on 2026-07-04
Job specializations:
  • IT/Tech
    Data Security, Information Security
Job Description & How to Apply Below
1. Role Summary

The Data Privacy Officer is the operational owner responsible for executing personal data protection requirements. The role maintains the privacy compliance evidence base, coordinates with business, IT, cybersecurity, legal, procurement, and vendors, and ensures that processing activities, data subject requests, privacy impact assessments, breaches, disclosures, processor activities, and cross border transfers are documented and controlled.

2.

Key Responsibilities 2.1 Data Subject Rights and Communication Channels
  • Receive, validate, document, and coordinate responses to data subject requests including access, copy, correction, update, completion, destruction, and consent withdrawal.
  • Ensure requests are acted upon within required timelines and document extensions, refusals, and justifications.
  • Verify requester identity before executing rights requests and maintain records for oral and written requests.
  • Operate or coordinate approved communication channels for data subject rights such as email, SMS, national address, electronic applications, or other lawful channels.
2.2 Privacy Notices, Consent, and Marketing Controls
  • Prepare and maintain privacy notices that explain controller identity, contact details, processing purposes, legal basis, retention periods, rights, consent withdrawal, and whether processing is mandatory or optional.
  • Coordinate consent capture and evidence, ensuring consent is freely given, specific, documented, and separate by processing purpose where required.
  • Maintain consent withdrawal procedures and coordinate cessation of processing where consent is the sole legal basis.
  • Support direct marketing and advertising controls, including opt out mechanisms, sender identity disclosure, consent evidence, and immediate halt of marketing upon withdrawal.
2.3 Records of Processing Activities
  • Create, maintain, and periodically update written records of personal data processing activities.
  • Ensure records include controller details, DPO information where applicable, purposes, personal data categories, data subject categories, retention periods, disclosure recipients, transfers outside the Kingdom, and security measures.
  • Make records available for internal review, audit, management reporting, or competent authority requests.
2.4 Privacy Impact Assessment
  • Conduct and document privacy impact assessments for sensitive data, linked datasets, large scale or repetitive processing, monitoring, new technologies, automated decisions, or services likely to cause serious privacy harm.
  • Assess processing purpose, legal basis, data sources, recipients, geographical scope, context, proportionality, severity and likelihood of harm, and mitigating controls.
  • Coordinate re assessments when processing risks remain high or proposed processing may harm data subjects.
  • Support legitimate interest assessments where processing relies on legitimate interest, ensuring necessity, balance of interests, reasonable expectations, and exclusion of sensitive data.
2.5 Data Classification and Inventory Support
  • Maintain the personal data inventory and coordinate classification activities with business and system owners.
  • Support classification based on impact, sensitivity, data type, business purpose, and regulatory requirements.
  • Track application of classification controls including protective marking, access, usage, storage, data sharing, retention, disposal, archival, and declassification.
  • Escalate unclear or high risk classification decisions to the Chief Data Privacy Officer.
2.6 Data Sharing Operations
  • Receive and review data sharing requests from internal or external parties.
  • Validate purpose, legal basis, data minimization, classification, authorization, data type, preprocessing, safeguards, sharing duration, frequency, termination, and liability requirements.
  • Prepare data sharing agreements or privacy schedules and coordinate approvals before data is shared.
  • Maintain records of data sharing requests, decisions, agreements, controls, and evidence of implementation.
2.7 Cross Border Transfer Operations
  • Maintain the register of personal data transfers or disclosures outside the Kingdom.
  • Conduct transfer risk assessments where required, covering purpose, legal basis, transfer nature, geographical scope, safeguards, data minimization, potential material or moral effects, and mitigation controls.
  • Validate use of approved safeguards such as standard contractual clauses, binding common rules, accreditation/certification, or other safeguards approved by the competent authority.
  • Monitor transfers for changes in safeguards, sub processors, countries, transfer purpose, or regulatory conditions and elevate issues requiring halt or remediation.
2.8 Processor and Third Party Privacy Compliance
  • Review third party and processor privacy questionnaires, due diligence evidence, and contractual privacy clauses.
  • Ensure processor agreements define processing purpose, personal data categories, processing duration, breach notification duties, foreign regulatory exposure,…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary