{"id":2772,"date":"2019-11-08T12:32:41","date_gmt":"2019-11-08T12:32:41","guid":{"rendered":"http:\/\/190.2.137.122\/~lgca\/lgca\/?p=2772"},"modified":"2019-11-08T20:24:41","modified_gmt":"2019-11-08T20:24:41","slug":"data-privacy-officers-dpos-how-to-overcome-your-main-challenges","status":"publish","type":"post","link":"https:\/\/lgca.uk\/el\/data-privacy-officers-dpos-how-to-overcome-your-main-challenges\/","title":{"rendered":"Data Privacy Officers (DPOs): How to Overcome Your Main Challenges"},"content":{"rendered":"<p>With the implementation of Europe\u2019s General Data Protection\nRegulation (GDPR) back in May 2018, the duties of the data privacy officer\n(DPO) have multiplied in both quantity and importance. As companies adapt to\nthe GDPR requirements, many data privacy teams remain undermanned and lacking\nthe resources needed to comply with its statutes. The uniqueness of this\nmassive European legislation has introduced a whole new series of challenges\nfor individuals involved in data protection and privacy issues. Besides knowing\nthe ins and outs of the GDPR, the DPO now has to tackle a myriad of other\ntrials to guarantee the proper functioning of their organization. In this blog\npost, LGCA highlights the main challenges to be faced by DPOs as we move into\n2020 and provides a series of tips on how to best solve these problems.<\/p>\n\n\n\n<p><strong>Improve the Governance of Data Privacy\nActivities<\/strong><\/p>\n\n\n\n<p>Considering the newness of the GDPR, it\nis perfectly understandable that one of the main challenges faced by\ncompanies relates to the establishment of solid governance over data privacy\nactivities. 
In this vein, CPO Magazine&nbsp;<a href=\"https:\/\/www.cpomagazine.com\/data-protection-and-privacy-officer-priorities-2019\">highlights<\/a>&nbsp;the fact that companies are currently\nemphasising \u201cthe organisation and processes of a data programme\u201d over\n\u201ctechnological solutions and training\u201d.<\/p>\n\n\n\n<p>As&nbsp;<a href=\"https:\/\/www.cpomagazine.com\/data-protection-and-privacy-officer-priorities-2019\">explained<\/a>&nbsp;in CPO Magazine\u2019s survey, \u201cIn order to\nconform to privacy principles and meet all compliance requirements, an\norganisation must&nbsp;first wrap its arms around what data it is collecting\nfrom consumers, how it is using this data, with whom it is sharing this data,\nand what safeguards currently exist so that the organisation does not collect\ndata improperly from consumers\u201d. According to the&nbsp;<a href=\"https:\/\/www.cpomagazine.com\/data-protection-and-privacy-officer-priorities-2019\">survey<\/a>, particular importance is being given to\n\u201cenhancing the process for data subject requests\u201d and \u201cconsent management\u201d.<\/p>\n\n\n\n<p>CPO Magazine also points out that\ngovernance over data privacy activities grows in importance as a company\nmatures. \u201cThis points to a constant issue for privacy teams: as business\nexpands, an organisation will also have an expanding set of new privacy\nissues,\u201d the survey&nbsp;<a href=\"https:\/\/www.cpomagazine.com\/data-protection-and-privacy-officer-priorities-2019\">explains<\/a>. \u201cThis naturally leads to a need to embrace\nnew technologies and business models in order to keep data processing\nactivities at the required level (or higher)\u201d.<\/p>\n\n\n\n<p><strong>Be as Independent as Possible<\/strong><\/p>\n\n\n\n<p>It is crucial for DPOs to be given plenty of leeway to perform\ntheir duties. 
It becomes counterproductive when upper management or other\ninterested parties interfere with the DPO\u2019s overall role and impose certain\nactions, behaviours or decisions onto the position, potentially leading to\nconflicts of interest or other similar problems.<\/p>\n\n\n\n<p>As&nbsp;<a href=\"https:\/\/pwc.blogs.com\/data_protection\/2018\/11\/data-protection-officers-dpos-emerging-trends-and-challenges.html\">explained<\/a>&nbsp;by Brian Davidson, PwC\u2019s Senior Manager\nfor Data Protection Strategy, Legal and Compliance Services in the UK,\n\u201cOrganisations must give careful consideration as to who will fill the DPO role\nand the specific tasks they will be assigned under GDPR to avoid potential\noverlap with the responsibilities of Legal, Internal Audit and Financial\ndepartments\u201d.<\/p>\n\n\n\n<p>In a piece for Mondaq, Charis Photiou, a\nManager within Deloitte Risk Advisory Services in Cyprus, concurs with this\nneed for independence on the part of the DPO. \u201cThe DPO is the person who will\nspeak up when everyone else will stand down on Data Protection matters as well\nas be the person to be consulted on any matter concerning Data Protection,\u201d\nPhotiou&nbsp;<a href=\"http:\/\/www.mondaq.com\/cyprus\/x\/807922\/data+protection\/Post+GDPR+Era+From+Theory+To+Practice\">says<\/a>. \u201cTo achieve this, the DPO should maintain\norganisational\/functional independence and perform his\/her duties ethically and\nfree from conflict of interest\u201d.<\/p>\n\n\n\n<p><strong>Work as a Team<\/strong><\/p>\n\n\n\n<p>While remaining independent and not\nbeing influenced by \u2018outside\u2019 pressures is essential to the role of the DPO,\nso is collaborating with other departments to comply with these data\nprivacy regulations. 
According to DPOrganiser, a developer of personal\nmanagement software, it is important for organisations \u201cto&nbsp;<a href=\"https:\/\/www.dporganizer.com\/five-challenges-when-working-as-a-dpo-and-how-to-overcome-them\/\">build<\/a>&nbsp;data protection into [their] daily\noperations\u201d and \u201cnever act on their own\u201d. More specifically, DPOrganiser&nbsp;<a href=\"https:\/\/www.dporganizer.com\/five-challenges-when-working-as-a-dpo-and-how-to-overcome-them\/\">writes<\/a>, \u201cEveryone facing customers or employees needs\nto be involved in data privacy issues\u201d.<\/p>\n\n\n\n<p>Furthermore, Andrew Shaxted and\nLouise Rains of FTI Consulting\u2019s Technology division delve deeper into the\nbenefits of collaboration between the DPO and other departments within the\norganisation.&nbsp;In a recent blog post for Legaltech News, Shaxted and\nRains&nbsp;<a href=\"https:\/\/www.law.com\/legaltechnews\/2019\/03\/11\/challenges-and-considerations-when-hiring-a-data-privacy-officer\/\">write<\/a>: \u201cThe DPO should have the\nability to reach across functions and work with stakeholders within a variety\nof departments in the organisation. By working with the executive bench and\ncross-functional teams, the DPO can ensure that project plans address and take\naccount of the range of business needs and challenges that exist in the\necosystem\u201d.<\/p>\n\n\n\n<p><strong>Build a Company-Wide Data Privacy Culture<\/strong><\/p>\n\n\n\n<p>By working as a team in the\nimplementation of data privacy regulations, you will also be able to create a\ncompany-wide data privacy culture that will facilitate your job as DPO. 
The\nrecent Data Protection and Privacy Officer Priorities 2019&nbsp;<a href=\"https:\/\/www.prnewswire.com\/news-releases\/new-report-highlights-challenges-priorities-of-data-protection-and-privacy-officers-in-2019-300811004.html\">survey<\/a>&nbsp;conducted by Chief Privacy Officer (CPO)\nMagazine and highlighted by the European Union shows that many of the DPOs\ninvolved in the study believe raising data privacy awareness is one of their\nmain challenges for 2019.<\/p>\n\n\n\n<p>According to the EU\u2019s GDPR&nbsp;<a href=\"https:\/\/gdpr.eu\/data-protection-officer-responsiblities\/\">website<\/a>, \u201cthe DPOs who said building greater data\nprotection awareness was their priority were split almost evenly in how they\nwould go about creating that awareness: 35 percent said they would conduct\nawareness campaigns, 35 percent said they would institute formal employee training\nsessions, and 31 percent said they would regularly update senior executives in\na top-down approach\u201d. For instance, ProtonMail, a secure email service that\nvalues privacy above all,&nbsp;<a href=\"https:\/\/protonmail.com\/blog\/small-business-cyber-security-culture-workplace\/\">recommends<\/a>&nbsp;that companies carry out regular data\nprivacy awareness sessions, ideally starting \u201csoon after a new employee starts\nand then be updated periodically\u201d. ProtonMail\u2019s Ben Wolford also&nbsp;<a href=\"https:\/\/protonmail.com\/blog\/small-business-cyber-security-culture-workplace\/\">suggests<\/a>: \u201cThe training should emphasise the most\nimportant aspects of the cyber security policy while also giving employees an\nunderstanding of the specific threats your management team has identified\u201d.<\/p>\n\n\n\n<p>What are your thoughts on these tips? As a DPO, do you have any\nadditional ones we should have included? 
Get in touch and let us know!<\/p>","protected":false},"excerpt":{"rendered":"<p>With the implementation of Europe\u2019s General Data Protection Regulation (GDPR) back in May 2018, the duties of the data privacy officer (DPO) have multiplied in both quantity and importance. As companies adapt to the GDPR requirements, many data privacy teams remain undermanned and lacking the resources needed to comply with its statutes. The uniqueness of [&hellip;]<\/p>","protected":false},"author":1,"featured_media":2773,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","inline_featured_image":false},"categories":[55],"tags":[],"_links":{"self":[{"href":"https:\/\/lgca.uk\/el\/wp-json\/wp\/v2\/posts\/2772"}],"collection":[{"href":"https:\/\/lgca.uk\/el\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lgca.uk\/el\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lgca.uk\/el\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lgca.uk\/el\/wp-json\/wp\/v2\/comments?post=2772"}],"version-history":[{"count":0,"href":"https:\/\/lgca.uk\/el\/wp-json\/wp\/v2\/posts\/2772\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lgca.uk\/el\/wp-json\/wp\/v2\/media\/2773"}],"wp:attachment":[{"href":"https:\/\/lgca.uk\/el\/wp-json\/wp\/v2\/media?parent=2772"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lgca.uk\/el\/wp-json\/wp\/v2\/categories?post=2772"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lgca.uk\/el\/wp-json\/wp\/v2\/tags?post=2772"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}