The role of a Data Protection Officer (DPO) may not be glamorous, and it may often be forgotten, but DPOs are essential in today’s digital environment. This is especially since digitalisation is the way to go if a business wants to survive in today’s economic environment. The COVID-19 pandemic which has devastated the global economy has proven that those that can quickly adapt and implement digital transformation are the ones that will make it through adversity without too much trouble.
However, malicious actors know how important digitalisation is to businesses; and as such, this makes customer and employee data incredibly vulnerable. Businesses will want to ensure that this data is protected; and such is the task of data protection officers.
To learn more about Data Protection and the importance of DPOs in safeguarding personal data, please read our Data Protection 101 guide.
The tasks of a Data Protection Officer (DPO) can be summarised into the acronym G-A-P-S-R:
From an operational perspective, the data protection officer's responsibilities include:
With the ongoing pandemic and lockdown situation, a pattern of increased online transactions and e-commerce has occurred. New privacy-intrusive technologies are being used to process personal data. In addition, the entire world is pressing the reset button in terms of data protection laws and requirements.
Things have been thrown into disarray as organisations have other priorities to meet in the midst of the pandemic. Despite this, the demand for DPOs remains robust.
The first important benefit of having a DPO in an organisation is to prevent the organisation from having a data protection breach and to demonstrate accountability to the regulators. Additionally, DPOs can aid in guiding the organisation to reach the level of data protection standards that the organisation is looking towards attaining, e.g. Data Protection Trustmark (DPTM) in Singapore. They do so by assessing the risks involved by looking at the data map of the organisation and identifying gaps as well as recommending the relevant actions that the organisation should take according to the strict DPTM requirements.
Having a DPO onboard can also do wonders for both the customer and employee experience. The DPO needs to work with the various departments to set up the necessary data protection policies. In the process of operationalising them, the DPO will need to work with the respective line managers to map out the organisation’s data map and identify gaps, as well as make recommendations to address the gaps; this ensures that the data in the organisation’s possession is secure and protected and is consistent with stated policies.
This will give customers and staff the assurance that the organisation is taking precautions in keeping employee and customer data safe. This also helps employees, especially those in customer-facing roles, to have confidence in reassuring customers that the organisation is reliable and will take the utmost care in handling their data.
Article contributed by Kevin Shepherdson (FIP, CIPM, CIPP/A, CIPP/E, CIPT, GRCP)
Updated on 13 October 2021
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEX Network.
Access online / in-person courses and view past training records
Join lively discussions on pertinent data protection topics
Gain access to data protection research and video resources
Receive value-added data protection updates from the region
Well, this was going to happen at some point in time in the world - with the ex…
In the wake of major breaches, the Public Sector Data Security Review Committee…
Now that we are starting a new year, we can reflect on a few compliance trends …