The enforcement of the GDPR will surely make it more difficult to verify whether your data is fully compliant with its strict and finicky requirements. Even if you are the biggest supporter of the European Union’s regulation and keep up with every single piece of news about it, there are so many items to cover that it takes a dedicated person working full-time just to answer its particular questions.
Thankfully, the creators of the regulation were the first ones to acknowledge how cumbersome this task could be, and that’s why they have thought of a specific person to address this topic: the Data Protection Officer (DPO).
The nomination of a DPO is sometimes mandatory – when you are a public authority, when you are dealing with a large pool of sensitive data, when data concerning criminal convictions or offences is involved, and when “the core activities of the controller or the processor consist of processing operations which (...) require regular and systematic monitoring of data subjects on a large scale” (art. 37 b).
If your company fits any of these categories, you will probably have a new, data security-savvy colleague very soon. Make sure you welcome this person warmly, because DPOs have a particular set of skills that will make a difference in ways you may not have thought of.
But What Does a DPO Actually Do?
At first sight, a DPO may look like a pain in the neck. This person’s main role is not only to ensure your company is compliant with the GDPR but also to ensure it stays compliant in the future. This means they aren’t only going to change your current procedures; they will rethink the whole data management process.
DPOs will start by addressing your current situation, and they will probably expect to find a big list of no-nos while reviewing your privacy policies, cross-channel collection, or data transfer procedures. This is the kind of thing that will probably put your data protection expert on your blacklist.
What people tend to forget is the bright side of this partnership in terms of branding: having someone responsible for your data compliance status is a huge deal when it comes to clients’ and partners’ trust. And this is something companies could really use, because we’re going through an all-time low in terms of trust in companies and institutions.
So, our advice would be to not look at the DPO as a person who is only there to avoid the heavy fines your company is probably risking, and to instead look at them as the person who will make your clients and partners see you as a transparent, trustworthy company.
If you think of it this way, maybe that big list of “don’ts” your DPO puts in front of you won’t look like that much of a burden.