Job Description
WE'RE HIRING!
DATA PROTECTION OFFICER
Nawaloka Hospitals PLC is seeking a qualified and ethical Data Protection Officer (DPO) to lead the organization's data privacy and compliance initiatives. This role is responsible for ensuring compliance with Sri Lanka's Personal Data Protection Act (PDPA) while safeguarding patient, employee, and organizational data.
REQUIRED QUALIFICATIONS
- Attorney-at-Law of the Supreme Court of Sri Lanka with active professional standing.
- LL.B Degree from a recognized university or successful completion of Sri Lanka Law College examinations.
- 3-5+ years of post-qualification experience in corporate legal, regulatory compliance, data privacy, or a reputable law firm.
- Strong knowledge of the Personal Data Protection Act, No. 9 of 2022, its amendments (including Act No. 22 of 2025), and related regulations.
- Excellent legal drafting, analytical, negotiation, and stakeholder management skills.
- High ethical standards with the ability to independently advise senior management on compliance and data privacy matters.
- Strong attention to detail in handling confidential information and maintaining compliance documentation.
KEY RESPONSIBILITIES
- Develop and manage the organization's Data Protection Management Programme (DPMP).
- Ensure compliance with the Personal Data Protection Act (PDPA).
- Conduct Data Protection Impact Assessments (DPIAs) and privacy risk assessments.
- Advise management on data privacy, governance, and regulatory compliance.
- Manage data subject requests and data breach response processes.
- Review contracts, vendor agreements, and data processing arrangements.
- Maintain Records of Processing Activities (ROPA).
- Liaise with the Data Protection Authority of Sri Lanka.
- Conduct privacy awareness and staff training programmes.
HOW TO APPLY
Please mention “Application for the Post of Data Protection Officer (DPO)” in the email subject line.
Send your CV, along with the contact details of two non-related referees to [email protected]