May 25th, 2018; the date the GDPR goes into effect. There is certainly plenty of information on the internet about what the GDPR is and what it requires from businesses. However, the impact the GDPR will have on your daily life might not be as apparent. In a series of blogs, we discuss the impact the GDPR will have on you and the changes you will have to make to continue working effectively under the new regulation. Today, the newest addition to many companies: The Data Protection officer.
Establish your role
As Data Protection Officer, you occupy an interesting position in your company. Your presence in your company is likely mandated by the GDPR, but your exact role and duties might be unclear to your colleagues, or even to yourself. As DPO, it is important that your colleagues (and more importantly: managers) know what your role entails, especially if you were appointed as DPO on top of your regular occupation. They must understand that you must have the freedom to act independently, that you cannot be instructed on how to investigate your company’s processing, that you cannot be penalised for performing your duty and that you can’t be personally held accountable for (non)compliance.
On the other hand, it is important your colleagues realise you can be approached for questions regarding GDPR and compliance, as you are as much an advisor as you are an officer. Establishing who you are, what you do and which access you are entitled to, helps you work together with your colleagues and management in an effective and efficient way.
Know your company’s data infrastructure
There’s many reasons why one of the first priorities when starting your work as a DPO, is to gain a clear overview of the data infrastructure of your company. If you have no idea where and how data is transported in your company, it is difficult to locate problems in data processing or collection activities. Furthermore, keeping records of data processing activities (as required by article 30) requires a clear overview of the data infrastructure of your company. In most cases, you won’t actually have to start mapping the data yourself, but work with your Chief Data Officer to build a data stream map as fast as possible, so you have a strong foundation to build future activities on.
Don’t forget about people
With a lot of processing activities to audit and evaluate, it might be easy to focus on the processing and forget about the people. However, training and educating your colleagues is an important part of your job. It’s your job to inform your colleagues about the GDPR and advise them on ways to perform their jobs while complying with the GDPR. Fostering a culture of GDPR compliance and privacy by design and default is an effective way of making sure everyone does their part in helping the company become GDPR compliant, which also makes you are more efficient employee.
Use the right tool for the job
Since the DPO is a new position in many companies, it makes sense that not all the tools you need to do your job are present in your company. Like any professional, it’s important you have the right tools for the job. Our Data Stream Manager helps you and the CDO to gain an overview of the data collection, streaming and processing activities in your company, making auditing and reporting activities much simpler. Additionally, the DPO has been designed to keep your data streams secure and provide you with an easy way of managing who has access to the data collected in your company, making it an excellent tool for any DPO to have.