Being a Data Protection Officer (DPO) is a rewarding and fulfilling position to be in. It may not be all glitz and glamour, but being in this role means that you’re part of that line between privacy and potential chaos. As the DPO, you play a crucial part in ensuring that people’s personal information is safeguarded, secured, and respected.
However, having such great responsibility naturally invites a myriad of challenges. Like in any job, these range anywhere from little everyday errors to colossal high-stakes panics… and everything in between.
We asked a member of our consultancy team for her top tips, picked up from her years of experience.
1 – Explain data protection concepts clearly
Our first tip is regarding how you communicate to others about data protection.
As an expert Data Protection Officer, it’s easy to forget that your colleagues are in starkly different roles. Half the time, they might not understand what you’re talking about! Unless you speak in layman’s terms and keep things nice and simple, the explanations you’re giving might as well be in another language entirely. And you don’t want your communication to be a bottleneck causing unnecessary confusion and stalling. It may be tempting to spill all the legal knowledge you’ve acquired over the years (and potentially hard to get out of the habit of doing so). However, depending on who you’re speaking to, it’s probably worth translating it into plain English.
2 – Ensure everybody understands personal data
One of the most crucial things for people to understand is when they’re processing personal data. After all, how can they take the appropriate safeguarding measures when they’re not even aware of what they’re protecting?
Our consultant recalls some ex-colleagues being unaware that they were processing personal data simply by collecting names. It’s always safer to run through the basics to be certain that all staff have at least a good understanding. One enlightening suggestion is to ask people to consider the data as if it were “their” own; this can influence the way that personal data is seen by those handling it.
3 – Talk about real life scenarios while training
People respond much better to presentations and training when real examples are involved, for instance horror stories about data breaches and the consequences that the organisations had to face. Using anecdotes and case studies in this way makes the subject resonate a lot better. Generally, people are more likely to remember a story about mistakes an organisation made that led to a data breach, rather than warnings and instructions on their own. It makes it feel more “real”, so to speak, and serves as a swift reminder that these dangers we warn against do indeed happen. It’s also useful to discuss how well organisations dealt with breaches and what they did during them.
4 – Always remember your right to say no
As a Data Protection Officer, it will often be your duty to advise members of your team about data that your organisation should share, and just as importantly, data that they shouldn’t. There will be times when colleagues will ask you if you could (or should) grant permission for third parties to access personal data held for whatever reason. Sometimes, you’re within your rights to say no.
For instance, our consultant looked back on a particular moment from a previous job. HR had asked her if she could agree for the police to have a printout of the names and addresses of every male employee that had been on the site within a specific span of years. This was apparently to assist with the resurrection of a cold case. And to this request, she said no, because, simply, her organisation had every right to deny that access. That would have been a great big chunk of personal data to hand over, and it was not proportionate for the purpose the police wanted it for. It was therefore entirely reasonable that she was uncomfortable with the idea of doing so.
5 – Spread the word about data protection
Something that our consultant says she’s glad that she did is talk about data protection with as many people as possible.
Privacy and information security are heavily connected and are involved in practically all aspects of business. Try to discuss them on such a level instead of restricting the topic to law-based conversations. This can help to make the subject concrete for people who don’t have their ear to the ground in this area. It will then hopefully lead to a higher standard of vigilance and understanding across the organisation. The more people are made aware of data protection – its importance, the considerations to be made, and its relevance to everybody – the better.
By having these conversations, you also further cement yourself as a leader in this field. You’re demonstrating to people all across the organisation your expertise should they ever need any support.
6 – Be positive, welcoming, and approachable
This final tip can apply to practically any role that you can imagine. However, it’s particularly true for a role like the DPO. By carrying out your role with the right attitude, people will consult you sooner rather than later. You might even be included in more projects than you would if you were closed off and inaccessible. As the DPO, your organisation will be looking to you for your expert advice and cooperation. If you welcome this, and take on your role with confidence and optimism, your team will appreciate you and what you have to offer all the more. If you’re the main point of contact regarding something as important as data protection, it’s vital that people feel comfortable coming to you for advice or help. A good rule of thumb is to never start a response to a query with the word “no”. Always ask for more detail and discussion.
Learning from your mistakes
It’s important to remember that no matter how much helpful advice you receive, you’re still bound to make a few mistakes. These tips will hopefully give you some ideas on how you could improve your approach to your work, but the most valuable lessons we learn are through our errors. The role of the Data Protection Officer is no walk in the park, and comes with a variety of unique challenges. Through these tips, your existing skills, and being prepared for the occasional mistake, you’ll be on your way to being a more effective DPO.
How DPAS can help you
Among our extensive list of training, we offer a course that will equip you with all the knowledge and skills you’ll need to excel in a DPO role: The Effective DPO.
By taking this course, you’ll be able to demonstrate your expertise to clients and employers, setting you apart in the competitive field of data protection.
Through attending this course, you will:
- Learn how to audit and report to senior management on data protection compliance.
- Have the skillset and tools to support your organisation in processing customer data in compliance with the GDPR and the Data Protection Act (2018).
- Understand how to develop a new culture of value in data protection.
- Build compliance, governance, and organisational skills.
- Show the value that data protection brings to your data strategy.
- Earn CPD points.