More interesting ideas emerged when the panel discussed data protection officers (DPOs). It was agreed that these shouldn’t take on the role of data police, but become a focal point for interpreting the regulations and answering questions. It was suggested that these should be complemented by ‘data stewards’ or ‘privacy champions’ with the task of spreading awareness of the need for compliance. It was stressed that this should be company-wide, including the call centre or help desk – as both are in the frontline if a customer calls to ask what the business is doing with their particular personal details.
However, to return to Manser’s advice about keeping calm – how is this possible with May rapidly approaching towards us? He adds that there’s no point in either becoming over-excited and making staff work themselves into the ground or going into the doldrums and doing nothing because it’s too late.
” You will need to show you are working with intent though and have a plan to get you to compliance,” said Manser.
I would add that anyone in this position should remain methodical and find a technology that will act as your framework. Then, if regulators do come in your direction, you can show them your road-map and the technologies you intend to use to get to your destination and remain compliant after that.
So, remember, GDPR compliance is not just for May, it’s for life – or least until the regulations are updated yet again. Take this opportunity to get it right and the business will benefit from better value – as well as better protected data.