Eight must-have features of data protection officer
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
July 19, 20211K views0 comments
There have been ongoing debates about what a data protection officer must have to carry out her job appropriately. Especially in Nigeria, stakeholders are asking what a DPO possesses to be efficient in her role. In this piece, I highlight eight critical features of a DPO.
Knowledge of the regulation. You can’t teach what you don’t know, and you can’t guide people with common sense when it comes to data privacy laws and its attendant implementation implications. Therefore, the DPO must understand the law and understand how it applies to businesses. This feature is the bedrock of every DPO requirement.
Understand the Basic Implementation Technicalities. Most people argue that the theoretical knowledge is enough. That’s not true. As a DPO, you must understand some basic technicalities. For example, you should know how to relate with IT and other departments for a Data Subject Access Request (DSAR). You must know how to merge various work functions to meet certain principles within the regulation. You don’t have to know how to write security codes, but you should know what to tell the writers of those codes.
Must Be a Good Project Manager. Having this skill is very important. The DPO must be able to create and manage the end-to-end data privacy lifecycle. In addition, she must understand the business strategy, its current state and prioritise areas that need risk mitigations. Companies manage various data privacy projects, and therefore, DPOs must juggle these projects simultaneously.
Must Be A Good Communicator. It’s worth reiterating that data privacy is a team game. However, there is one factor that makes the team align and work towards a single goal. That factor is called communication. A DPO must communicate to various stakeholders to drive home the data privacy missions and visions. If the team members are not clear about their roles and responsibilities, it can affect the overall data privacy function. These communication skills must be both verbal and written. There was a case where staff in a particular insurance company complained, misunderstanding their role in a DSAR framework.
Ability to Work Independently: Because the DPO controls many facets of the data privacy frameworks and reports straight into the C-suite level, she must work independently without guidance. She must also act as the subject matter expert in everything related to data privacy within that company. Therefore, she must work independently regarding matters of data privacy without much interference from within and outside.
Demonstrate leadership: The DPO role sits on a managerial level, and most times, this individual will have people reporting to her about certain statuses. Therefore, the DPO must demonstrate good leadership qualities. one crucial skill that stands out in the DPO leadership role is accountability. She must be able to explain and show her expertise through various business functions. Driving the data privacy vision for any company is the function of a good DPO, and that means the ability to lead series of individuals with various psychological dispositions to the promised company data privacy positions.
Display business and interpersonal acumen: Data Privacy is a business function. As such, the DPO must display excellent company and interpersonal understanding:
•The DPO must understand the business operations, how data flows within the business and how those data set feed the business process. With this clear understanding, she can give the proper data privacy directions for the company.
•She must understand the financial implications of any data privacy implementation.
•The DPO must understand how to liaise with external business parties to reach desired business outcomes.
Experience in privacy and security risk assessment. The DPO must have vast experience assessing privacy risks within the organisation. She must be able to proffer attendant solutions to the existing problems. Risk management skills are at the core function of the DPO qualities. Using the Risk-Based Approach would help the DPO with risk mitigations strategies.
DPOs, regardless of the organisation, must have these eight features to be successful in their roles, and stakeholders should be aware of these qualities before selecting their DPO.