A Data Protection Officer, or DPO, is a role that is important in any organisation. You may not need a full-time employee; this role can be easily outsourced for cost-effectiveness. In order to be able to protect your interests in the event of a breach, a DPO must be able to operate without any conflict of interest within an organisation, making them in one sense a ‘regulator’ working on behalf of the interests of data subjects, as well as the interests of the organisation.
These are the seven key benefits of having a Data Protection Officer:
Your DPO will help to guide your business through the complex new approach to new privacy regulations, involving organisational disciplines ranging from human resources, legal, corporate structure and business planning, through to website content and structure, database design, IT infrastructure and cyber security.
Starting with basic awareness and an impact assessment of all the data within an organisation, a DPO will deliver the structured presentation of privacy procedures for customers, employees and stakeholders. This will include areas such as your terms and conditions, your website forms and policies, your contracts with third parties and staff.
Key to much of the required compliance is staff training. This calls for a sensitive approach by somebody who is seen to be a team member, because ‘old dogs’ generally do not enjoy being taught ‘new tricks’, yet much has to change. Having a specialist within your organisation who is responsible for ensuring data protection education and discipline is essential.
Your DPO ensures that you have a plan in place to enable you to respond professionally should you be in the increasingly likely situation of suffering a serious breach. The GDPR requires that you must have thought about it before it happens, since you have only 72 hours to report the breach to the ICO and issue advice to the public, your customers and the press.
Under the GDPR one of the most time-consuming functions could be responding to a “Data Subject Access Request”. These must be professionally and politely handled (within 30 days) in order to minimise disruption to your daily business. It is worth remembering you can no longer charge for responding to a request.
Sampson Hall is dedicated to ensuring the regulations have a positive impact upon the organisations we work with, so a major part of our duties is to report to senior management on data protection issues and activities. Our intent is to work with your organisation as a pathfinder, not a roadblock to innovation and growth. We do not focus on the negativity of fines, but the positive benefits of protecting the interests of your customers.
Last, but certainly not least, is the deployment of technical resources to strengthen your corporate protection in a world of cyber security. The very same processes that will keep your data private, will also protect you from other forms of exploitation, and whilst your IT staff may have done that to some degree, they will not have started from the basis of privacy within a corporate structure, which is what the GDPR is all about.
Your Data Protection Officer, whether you are obliged under the regulation to have one or not, is a critical and valuable new role within the modern professional organisation.
Sampson Hall has a proven track record of working successfully throughout an organisation and can advise and bring together all the functions of the business in order to ensure overall GDPR compliance.
Our offer includes:
Staff awareness sessions
Data mapping and data flow
Data protection impact assessments
Annual GDPR audits
Data protection officer services
We offer a free strategic GDPR audit, please get in touch for further information.
Tom Ziemski (Data Protection Officer): [email protected]