How to choose the perfect DPO
At this point you’ve almost certainly heard about the GDPR (General Data Protection Regulation), whether in passing or after discussing it at great length. In fact, your company has more than likely implemented a series of measures to ensure its compliance with the rules and regulations set forth by the legislation. You have probably even appointed your very own DPO (Data Protection Officer)!
For those of you who haven’t got round to it yet, here’s what you need to know!
First things first: what’s a DPO?
DPOs are the data sheriffs of the corporate world. They make sure that their firm/clients are GDPR-compliant and aim to oversee all processes pertaining to the handling of personnel information.
- A taste for risk
- Knows their company by heart
- Ability to work independently
- Knows everything there is to know about data protection and its legislation
A taste for risk
Risk assessment is integral to the DPO position, since the DPO’s aim is to ensure a company’s compliance through a series of recommendations and suggestions. Their risk-assessing capabilities are essential in order to plan and prioritise their various courses of action. Their role is to inform, advise and monitor.
The perceived authority of DPOs must be strong enough for them to advocate for change, and to ensure that their decisions are implemented throughout the company as requested. Beyond the person’s personality and broad shoulders, the company needs to provide them with a broad enough mandate, and access to managers whenever necessary.
DPOs must be readily available, in order to respond to legal and in-house requests that come their way. Their contact details will need to be easy to access for outside entities and company employees alike, and they will, of course, need to speak the same language as them.
Knows their company by heart
It (almost!) goes without saying: DPOs should be well-informed about the company’s business ecosystem and activities, so as to define the scope of the data they collect and figure out the regulatory framework that applies to it.
DPOs (data protection officers) must have honed organisational skills and a keen eye for detail, especially considering that they will be interfacing with all company departments: HR, accounting, marketing & communications, IT, etc. Procedures will need to be implemented in a thorough and methodological fashion, to make sure that all parties abide by the RGDP roadmap that’s been set out.
Legal/data protection expertise
This is a given, but DPOs must have some knowledge in the field of Data Protection.
Ability to work independently
GDPR regulations state that DPOs cannot be reprimanded or coerced during the exercise of their function as DPO. This must be laid out in the contract drawn up between the employer (or client) and the DPO. If the DPO has another role at the company, they can, however, be disciplined for reasons that are outside the scope of their role as DPO. Procedures must therefore be adapted in order to guarantee that that any sanctions taken against them are not otherwise motivated.
Provided with a clear mandate
For DPOs to be top performers, they need to be provided with the means to carry out their mission. They will undoubtedly have technical, human and skill-based requirements, which in turn require a budget, resources, a team at their disposal, training courses… To top it off, in order for DPOs to garner respect, the company will need to communicate at length about the topic.
All work deserves payment
DPOs’ median annual salary is £50,000