Data Protection & Compliance Officer

Apply now »

Date: 11 Mar 2026

Location: Dubai

Company: Innovo Group

Role Purpose

The role is responsible for ensuring Innovo complies with UAE and UK data protection and retention laws, including PDPL and GDPR, regulatory requirements, and any other relevant data compliance rules. The role is responsible for establishing, implementing, and maintaining data governance controls and processes across the group. This role goes beyond personal data protection and focuses on the full lifecycle management of all business-critical data across the group.  

Key Accountabilities

  • Develop, implement, and maintain a data governance and protection framework aligned with UAE’s retention rules and PDPL and UK GDPR requirements.  
  • Monitor compliance with data-related regulations, retention laws, data protection policies and procedures. 
  • Define data ownership roles, data classification models, retention rules, handling requirements and decision-making structures. 
  • Serve as the primary point of contact on data protection matters for management, employees, and regulators. 
  • Advise on privacy-by-design and Data Protection Impact Assessments (DPIAs) when required. 
  • Lead the handling of personal data breaches, from identification to remediation, working with Legal and HR to coordinate breach notifications to the UAE Data Office, and UK Information Commissioner Office as required. 
  • Develop and deliver data protection and privacy training across the group. 
  • Oversee responses to data subject access, correction, deletion restriction, and objection requests, ensuring requests are handled within statutory timelines.  
  • Input into 3rd party risk management framework, ensuring all contracts include proper data related regulation and protection clauses and safeguards. 
  • Prepare compliance reports for management and regulators. 
  • Maintain an up to date data inventory, retention schedules, and compliance records. 

Qualifications, Experience, Knowledge & Skills

  • Bachelor’s degree or higher (Master’s preferred), in Law, Information Security or related field. 
  • Minimum 10 years experience in data protection, data governance, data compliance, privacy, compliance or information security 
  • Knowledge of data lifecycle management and retention frameworks 
  • Experience with UAE PDPL, and knowledge of UK GDPR 
  • Experience in information security controls, risk management, and privacy operations 
  • Strong knowledge of UAE, UK and international privacy frameworks  
  • Knowledge of ISO27701, ISO27001 
  • High level of integrity, independence, and confidentiality 
  • Excellent communication and stakeholder management skills