The Data Protection Officer’s Toolkit: Equipping for Compliance

As the General Data Protection Regulation (GDPR) comes into effect, the role of the Data Protection Officer (DPO) has become critical. Here, Francois Cadillon, VP UK and Ireland for MicroStrategy, discusses the roles and tools that the DPO will need to help their organisation thrive in a GDPR world.

The Information Commissioner’s Office (ICO) is the body in charge of enforcing the GDPR in the UK. For public authorities or bodies, and organisations that carry out certain types of data processing activities, the ICO requires the appointment of a Data Protection Officer.

The DPO’s job is absolutely crucial; not only will the DPO help their organisation to remain GDPR-compliant, but they can also help it further improve workflows. The DPO is in charge of Data Protection Impact Assessments (DPIAs), will follow the latest compliance requirements, and should share compliance knowledge internally.

To meet this wide remit effectively, the DPO will need access to tools that help them do their job.

Ensuring data accuracy

One of the key pillars of the GDPR is Article 5, which concerns the collection and management of data, requiring that it is accurate and up-to-date. Organisations that need to collect and store personally identifiable data on individuals must plan for the long haul when it comes to data management.

This means the DPO must have access to analytical technology that will enable them to make sense of their data and manage it in a way that will help them remain GDPR-compliant.

Ensuring data protection

Data security lies at the heart of the GDPR. Any data breach must be reported to the ICO within 72 hours of its occurrence, and the GDPR has strict requirements on breach detection, investigation and internal reporting.

This is where cloud computing has a core role to play. Many organisations outsource their document management to the cloud. This means personally identifiable data will often lie outside the organisation’s own servers. DPOs need to be confident in their cloud supplier’s security and rest assured that only appropriately authenticated users are granted access to sensitive information.

Good governance must now become the cultural norm at organisations, and the cloud can help. For example, the GDPR stipulates that Personally Identifiable Information (PII) held on European Union (EU) citizens must be processed and stored within the EU. The DPO must also be able to locate the data quickly upon request and delete it if asked.

The GDPR also contains guidance on how data should be stored, for example, by using encryption.

Making the most of data

Analysts, data scientists and other data-led decision makers within the enterprise will need access to the personal data that the organisation holds. This means the DPO will need to enable these individuals to access and use the data in a GDPR-compliant way.

Consolidating the full breadth of critical enterprise analytics and mobility functionality in a single platform will help those data experts do their job even more effectively and arm them with the clear visibility over data that they need to make better business decisions.

Data analysts will most likely need to use data from both on-premise and cloud sources. This means that organisations may need to anonymise user data before sharing it with third parties. The cloud gives DPOs the flexibility they need to set preferences so that their data teams can continue to derive insights without being restricted by the GDPR or at risk of breaching it.

Reputation matters

The financial implications of a data breach are severe: fines of up to €20 million or 4% of annual turnover, whichever is higher. A data breach will also cause long-term reputational damage, which will affect revenues over the long term.

The DPO’s role will therefore extend beyond a purely technical role working with the Chief Information Officer (CIO) into one which impacts the C-suite directly. They must have access to the legal team, the Chief Financial Officer (CFO), the head of Human Resources (HR) and the head of Public Relations (PR).

The DPO will have to be something of a polymath; they will need to have a good comprehension of data protection law, an understanding of how the GDPR will impact their organisation, and a sense of where technology can potentially help.

The cloud has a significant role to play in ensuring GDPR compliance, and we only anticipate this growing in the years to come as organisations look to balance the requirements of compliance with the need to drive economic and operational efficiencies.

Does your Data Protection Officer have the support they need?

About the Author

Francois Cadillon, VP of data analytics company MicroStrategy, has written the above by-line about the role of a Data Protection Officer in a post-GDPR world. The article considers how the DPO’s job is absolutely crucial, not only in helping organisations remain GDPR-compliant, but also in improving workflows.