Embracing the DPO role after becoming one by chance

Fiona has been a data protection officer, or DPO, in Singapore since 2018.

As she shares in a video interview with DPEX Network, she fell into this role by chance, as she had worked in a different role at her previous organisation.

“How I came into this line was actually by coincidence,” said Fiona, who is currently a DPO with a Singapore organisation.

At her previous employer, a risk assessment exercise flagged up data protection as one of the “big risks” that surfaced.

“So I actually volunteered myself for [a data protection] role,” she said, “because of bandwidth issues. I did not know that [this would] actually branch me out into a new career.”

“When I started, I knew nothing about PDPA (the Personal Data Protection Act), not even knowing what that was.”

She was so anxious about safeguarding the personal data in her care that she had difficulty sleeping. Fiona then proceeded to take data protection courses and admits that her journey as a DPO hasn’t been easy.

Watch the video interview on YouTube here.

Getting management buy-in was tough

“I actually had to learn [on the job and through formal training] and then I have to go back and implement. So this was really tough,” she said.

“That was in 2018. But today, with all these data breaches going on, I think buy-in from management is much easier compared to the earlier days, when budget was never allocated.”

While Fiona received company sponsorship for her Advanced Certificate in Operational Excellence, she actually paid her own way to get herself accredited as a Certified Information Privacy Manager and Certified Information Privacy Professional/Europe and Certified Information Privacy Professional/Asia.

She also attended the Crisis Communications and Data Breach Response for DPOs course as a self-sponsored individual. [For all of the above courses, funding is available for Singapore citizens and permanent residents.]

Start your career in data protection by taking our 1-day PDPA crash course (Singapore), or check out our learning roadmap.

‘I couldn’t sleep’

“When I first started back then, I really couldn't sleep. Really. I couldn't sleep,” said Fiona.

“It really scared me, in my previous organisation, because we actually collected a lot of vulnerable individuals' data and there weren't many [measures] in place.

Over time, after she and her team started on the data protection journey, they put in place proper processes, policies and training.

“I would say that now, even though I have already moved on to a new organisation, nothing keeps me up at night,” she added. “Because anytime,