Embracing the DPO role after becoming one by chance

Fiona has been a data protection officer, or DPO, in Singapore since 2018.

As she shares in a video interview with DPEX Network, she fell into this role by chance, as she had worked in a different role at her previous organisation.

“How I came into this line was actually by coincidence,” said Fiona, who is currently a DPO with a Singapore organisation.

At her previous employer, a risk assessment exercise flagged up data protection as one of the “big risks” that surfaced.

“So I actually volunteered myself for [a data protection] role,” she said, “because of bandwidth issues. I did not know that [this would] actually branch me out into a new career.”

“When I started, I knew nothing about PDPA (the Personal Data Protection Act), not even knowing what that was.”

She was so anxious about safeguarding the personal data in her care that she had difficulty sleeping. Fiona then proceeded to take data protection courses and admits that her journey as a DPO hasn’t been easy.

Watch the video interview on YouTube here.

Getting management buy-in was tough

“I actually had to learn [on the job and through formal training] and then I have to go back and implement. So this was really tough,” she said.

“That was in 2018. But today, with all these data breaches going on, I think buy-in from management is much easier compared to the earlier days, when budget was never allocated.”

While Fiona received company sponsorship for her Advanced Certificate in Operational Excellence, she actually paid her own way to get herself accredited as a Certified Information Privacy Manager and Certified Information Privacy Professional/Europe and Certified Information Privacy Professional/Asia.

She also attended the Crisis Communications and Data Breach Response for DPOs course as a self-sponsored individual. [For all of the above courses, funding is available for Singapore citizens and permanent residents.]

Start your career in data protection by taking our 1-day PDPA crash course (Singapore) / our Data Protection Officer Program (DPO ACE, Philippines), or check out our learning roadmap.

‘I couldn’t sleep’

“When I first started back then, I really couldn't sleep. Really. I couldn't sleep,” said Fiona.

“It really scared me, in my previous organisation, because we actually collected a lot of vulnerable individuals' data and there weren't many [measures] in place.

Over time, after she and her team started on the data protection journey, they put in place proper processes, policies and training.

“I would say that now, even though I have already moved on to a new organisation, nothing keeps me up at night,” she added. “Because anytime, I'm expecting my phone to ring. And when it rings, it means that whatever that we had prepared, we are going to kickstart it.”

Following her positive experience learning from her course instructors, and fellow professionals in the DPEX (Data Protection Excellence) Network, she highlighted the fact that there are “people out there to help you with your journey”.

Lean into ‘being arrowed’

While she had volunteered for her role, Fiona can empathise with those who have been assigned, or ‘arrowed’, a role as a DPO or DP office/committee member.

Data protection knowledge, experience and certifications are increasingly cited in job advertisements; in a recent study by the Data Protection Excellence Centre, the learning and research arm of Straits Interactive, the number of jobs citing such requirements more than tripled from 2021 to 2022.

“I think it's a mindset that we always feel that when we are being 'arrowed' to take on a new role, you feel the burden and the responsibility, and you start asking yourself, ‘Why am I being arrowed?’”

Fiona’s advice? “Don't take it that way. See that it can lead to a new opportunity.”

“This has been proven in my life. I never expected that I would branch out into this line.”

To stay updated on the latest data protection jobs and sign up for courses, please visit dpexnetwork.org. There are also “Spotlight On” success stories and more Data Protection Careers features on the DPEX Network blog.