Modern Business & the Role of the Data Protection Officer
Why the DPO
With recent data breaches, scandals, and trends in big data, Data Protection Officers are proving essential for companies who process or control user data. Under the recently enacted GDPR, companies must follow stringent guidelines for data privacy and are required to provide customers access to their data.
The GDPR became effective May 25 — and only weeks after — new governing bodies are approving similar data regulation, including California and it’s Consumer Privacy Act. The state recently passed a privacy bill to grant residents enhanced data privacy rights.
Data Protection Officers present an opportunity for companies to operate within new regulations, maintain a healthy relationship with user data and regulatory bodies, and work through subject access requests. DPOs also provide transparency to the public as an appointed executive in charge of all things privacy.
Growth in Data Protection Hiring
Since the EU announced that GDPR would be coming into effect in 2018, companies have been scrambling to reorganize their privacy efforts and comply. As far back as two years ago, a trend started with the hiring of DPOs. One estimate last year suggested that the GDPR would generate demand for 28,000 DPOs in Europe and America, and 75,000 worldwide.
Now more than ever, companies that control or process data need a Data Protection Officer.
These experts — with a background in law, privacy, and technology — support a company’s compliance with regulation, ensuring that all departments are run in accordance. Since GDPR came into effect on May 25th, many companies have faced lawsuits and an abundance of Subject Access Requests.
“On the first day of GDPR enforcement, Facebook and Google have been hit with a raft of lawsuits accusing the companies of coercing users into sharing personal data. The lawsuits, which seek to fine Facebook 3.9 billion and Google 3.7 billion euro (roughly $8.8 billion in dollars), were filed by Austrian privacy activist Max Schrems, a longtime critic of the companies’ data collection practices.” — Russell Brandom on The Verge
The Role of a Data Protection Officer
Data Protection Officers own all security efforts, manage data protection, and evaluate privacy risk. Privacy has become a hot topic, and firms are looking to integrate privacy, security, and protection with regard to data into their systems. With experience working in legal or regulatory fields, Data Protection Officers are capable of advising executives on compliance guidelines and risk associated with data. Further, Data Protection Officers act as a point of contact with both the regulatory agencies and data subjects. This allows companies to maintain a relationship with the governing body and its customers to ensure both parties are satisfied.
Further, DPOs can run educational training programs for company teams. By informing employees of how their work pertains directly to regulation, DPOs ensure that every employee has their data secure and in compliance.
DPOs can assist controllers or processors in all issues relating to the protection of personal data; they help companies by:
- Informing and advising the executives and employees of a company on managing data collection and processing;
- Monitoring the organization’s compliance with all legislation in relation to data protection by providing internal audits and raising awareness to departments as to how their role pertains to the data;
- Acting as a contact point for requests from individuals regarding the processing of their personal data and the exercise of their rights;
- Cooperating with Data Privacy Authorities and acting as a contact point for DPAs on issues relating to processing.
Consumers, companies, and regulators alike are becoming increasingly aware of the potentially problematic methods of handling data. A driving factor of this increased awareness is the media spotlighting massive breaches and scandals occurring for large corporations, informing users of the risks of sharing their information. In the EU, the regulatory body responded with GDPR to protect its residents, which led to significant changes in data processing worldwide.
Most recently, California created a bill to take effect in 2020 — which will produce a similar impact on the processing of data and by granting additional rights to data subjects in the state. As users become more aware of the methods of processing data, companies will be further pressured to comply with data privacy policies. Data Protection Officers provide confidence and transparency in the new Age of Privacy.