The role of a Data Protection Officer may not be glamorous, and it may often be forgotten, but DPOs are essential in today’s digital environment. This is especially since digitalisation is the way to go if a business wants to survive in today’s economic environment. The Covid-19 pandemic which has devastated the global economy has proven that those that can quickly adapt and implement digital transformation are the ones that will make it through adversity without too much trouble.
However, malicious actors know how important digitalisation is to businesses; and as such, this makes customer and employee data incredibly vulnerable. Businesses will want to ensure that this data is protected; and such is the task of a Data Protection Officer (DPO).
The tasks of a Data Protection Officer (DPO) can be summarised into the acronym G-A-P-S-R:
Firstly, the DPO’s task is to assist the organisation to govern how personal data is being collected, used, disclosed, or stored within an organisation according to the requirements of the Personal Data Protection Act and relevant data protection laws.
From an operational perspective, the responsibilities of the DPO includes:
With the ongoing pandemic and lockdown situation, a pattern increased online transactions and e-commerce has occurred. New privacy-intrusive technologies are being used to process personal data. In addition, the entire world is pressing the reset button in terms of data protection laws and requirements.
Things have been thrown into disarray as organisations have other priorities to meet in the midst of the pandemic. Despite this, the demand for DPOs remains robust.
The first important benefit of having a DPO in an organisation is to prevent the organisation from having a data protection breach and to demonstrate accountability to the regulators. Additionally, DPOs can aid in guiding the organisation to reach the level of data protection standards that the organisation is looking towards attaining, e.g. Data Protection Trustmark (DPTM) in Singapore. They do so by assessing the risks involved by looking at the data map of the organisation and identifying gaps as well as recommending the relevant actions that the organisation should take according to the strict DPTM requirements.
Having a DPO onboard can also do wonders for both the customer and employee experience. The DPO needs to work with the various departments to set up the necessary data protection policies. In the process of operationalising them, the DPO will need to work with the respective line managers to map out the organisation’s data map and identify gaps, as well as make recommendations to address the gaps; this ensures that the data in the organisation’s possession is secure and protected and is consistent with stated policies.
This will give customers and staff the assurance that the organisation is taking precautions in keeping employee and customer data safe. This also helps employees, especially those in customer-facing roles, to have confidence in reassuring customers that the organisation is reliable and will take the utmost care in handling their data.
Article contributed by Kevin Shepherdson (FIP, CIPM, CIPP/A, CIPP/E, CIPT, GRCP)
The views and opinioins expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEXNetwork.
Access online / in-person courses and view past training records
Join lively discussions on pertinent data protection topics
Gain access to data protection research and video resources
Receive value-added data protection updates from the region
Thinking about enhancing your data protection competencies?Data Protection / DP…
In our DPEX Network Community, we recognise there is a diverse base of learners…
With the rapid evolution of technology and digitalisation, it is evident that w…