Best of 2022: DP lawyer: get certified to understand and comply with privacy laws

Data protection laws, even for a practising lawyer, can be difficult to understand, let alone implement compliance policies and processes for.

This was what Manila-based lawyer Jon Bello (CIPM, CIPP/E, FIP) realised about a decade ago.

A legal professional with more than 20 years of experience, and formerly the International Association of Privacy Professionals (IAPP) KnowledgeNet Philippines Chapter Chairman, Bello is currently a partner at Medialdea Bello and Suarez Law and an IAPP Asia Advisory Board Member.

Jon Bello

Bello, who has a background in litigation and regulatory compliance, and now assists his firm’s various clients in the Asia-Pacific region on data privacy compliance, was recently in Singapore to attend the IAPP Asia Privacy Forum.

“There are so many roles right now involving privacy or data protection. Unfortunately, many establishments feel that this [function] can only be taken by one team, let’s say by Legal, by IT, or by HR, but it doesn’t have to work that way.

“Because if you try to dig deeper, you will learn that data protection involves not just one team, but several teams [in an organisation]. It’s hard to navigate such complexity,” he said.

Read and watch the first part of the interview to learn about the data protection trends privacy professionals like Jon Bello are talking about.

Click to watch Part 2 of the interview.

Seeking certification to make sense of DP law

Bello observed the Philippine data privacy law, the Data Privacy Act (DPA), being enacted in 2012 and realised that organisations would need to comply with the DPA after the National Privacy Commission was constituted in 2016.

“That’s why, for me, in my case, I thought that there’s a strong need to look for some kind of certification that would help me understand the role of a data protection officer,” he said.

“As a lawyer, I tried reading the law and implementing those regulations and, I’ll be frank, I could not understand the law - and I had already been practising [law] for more than a decade - because the law speaks a ‘different language’.

“It’s different from our Philippine civil code and different from commercial laws. So I tried searching for certification bodies and stumbled upon IAPP, and then after that, I tried to look for any training groups that I could connect with. That was the time that I read about Straits Interactive.”

“I went through the process of certification [with Straits] and I became a Certified Information Privacy Manager (CIPM). You will have to be equipped with different skills; it’s not enough that you know the law, you will also need to know how to collaborate with other teams in your organisation to implement a privacy management programme. And one of the first things I learned was that you cannot work in silos.”

Why learning about EU GDPR matters

Another course that Bello took was Certified Information Privacy Professional/Europe (CIPP/E).

“This was very, very important as well. With CIPM, you will learn about privacy management, how to operationalise compliance, how to talk to the other teams, and how to implement a privacy programme.

“The next step for me was to learn about the EU General Data Protection Regulation (EU GDPR), simply because the GDPR is quite similar to the Data Privacy Act of the Philippines. We are seeing that many countries are being influenced by or are adapting the GDPR [for their own data protection laws].”

Bello added that negotiating contracts with a fellow legal professional poses fewer obstacles if his counterpart has a similar data protection background or certification.

“There’s a lot of common understanding, which makes the negotiation process easy,” he said.

“The reason why I want people to be certified, as well, is because there are a lot of things to know and understand about data privacy, and how it affects us. Having a commonality, let’s say a certification, either a CIPM, CIPP/E or Certified Information Privacy Technologist (CIPT), you would have a common language.

Journeying with Straits

Bello credited Straits Interactive for kick-starting his own data protection learning journey, and how Straits “continues to help me, providing me with resources and materials that would help me as a privacy professional, as a privacy cheerleader, as a privacy nerd and, at the same time, as a consultant for our clients seeking assistance in operationalising their respective privacy programmes.”

“I am also a proud member of the DPEX Network, and I continue to be a member. This [my legal and privacy profession] is what I do, this is what I am, and I really appreciate what the network is doing for me as a privacy professional.”

This article was originally published on 24 August 2022.