Overview:

The Data Protection Officer (DPO) oversees the Company’s data protection and privacy framework, ensuring personal data is collected, processed, stored, and transferred in compliance with UAE PDPL, VARA regulations, and relevant international privacy laws such as GDPR. The DPO provides guidance, monitors compliance, manages privacy risks, and ensures alignment with regulatory expectations for virtual asset activities.

Responsibilities:

• Develop, implement, and maintain data protection policies, procedures, and standards
• Ensure compliance with UAE and international data protection laws, VARA requirements, and internal frameworks
• Monitor data collection, processing, storage, and transfer practices to ensure lawful and secure handling
• Conduct privacy risk assessments and coordinate Data Protection Impact Assessments (DPIAs)
• Oversee identification, investigation, and management of data breaches or privacy incidents, including regulatory notifications
• Provide staff training and awareness on data protection obligations
• Review and monitor third-party vendors to ensure adequate privacy and data protection standards
• Advise senior management and business units on privacy risks and mitigation measures
• Monitor compliance and provide periodic reports to senior management and the Board
• Serve as the point of contact for regulatory authorities on data protection matters

Qualifications:

• Bachelor’s degree in Law, Information Security, Data Protection, Compliance, or related field
• Professional certification such as CIPP, CIPM, CDPO, or equivalent preferred
• 5+ years’ experience in data protection, privacy compliance, information security, or regulatory compliance in financial services, fintech, or technology
• Strong knowledge of UAE data protection laws and international privacy frameworks, including cross-border data transfers