Things to Look for When Appointing a Data Protection Officer (DPO)

Appointing a Data Protection Officer (DPO)

If you live outside of the European Union, you might excuse for not knowing who data protection officers are and what they do at a company. However, if you are a business owner and are planning to expand your activity to include the Old Continent, chances are you are already on the lookout for one, due to the stringent requirements put in place by the EU’s General Data Protection Regulation.

The highly controversial set of data privacy laws sent shockwaves across Europe and the entire world at the moment of its application in May 2018. Since then, companies have scrambled to meet the Union’s requirements to allow to operate in Europe.

The proponents of this bill point towards the more excellent protection of ordinary citizens’ data, which prevents them from getting exploited by giant corporations. Its opponents, however, are gravely concerned about the GDPR’s adverse effects on the economy, as well as ponder on whether it is actually within the EU’s competences to introduce such strict regulation.

Regardless of where you stand on this issue, if your business has servers in Europe or operates using European citizens’ data, you might meet the requirements for a necessary appointment of a data protection officer. You can hire them via a third party, from companies such as Bulletproof or SecureTrust, or through online resources, such as the DPO Network Europe, which gathers some of the best DPOs across the continent.

Which Companies Need a DPO?

One of the biggest misunderstandings about GDPR is that only large companies need to hire data protection officers. Although this is greatest often the case, the size of a company is not what it’s all about. You can run a massive enterprise, but find yourself not needing a DPO.

When it comes to which companies obliged to hire a DPO and which aren’t, it all depends on the scope of data handling they engage in. If you run a tiny business, but your primary area of expertise is the storage or analysis of personal data, you will be required to hire a data protection officer.

The same rule applies to large companies who don’t handle data — if you employ hundreds of people. Still, personal information of European citizens barely ever reaches your firm’s servers, you might spare most of the burden that comes with adhering to the GDPR’s many requirements.

The Perfect Data Protection Officer

Having to hire an employee for a brand new position at your company is always a stressful and challenging task. Not to mention the detail that this particular position imposed upon you by an external factor! However, if you do find physically in need of hiring one, here are a couple of characteristics of a good data protection officer:

• In-depth knowledge and understanding of GDPR. This point does not need to explain — if you suspect your DPO of not too well-versed with the document that made their appointment a requirement in the first place, you should let them go immediately.
• Practical understanding of the regulations. Academic knowledge will not cut it in the real world. A solid DPO can swiftly react to operational changes in your company and should be able to ensure the correct implementation of the EU’s regulations, to keep your business out of unnecessary legal trouble.
• Outstanding communication skills. A vast majority of the data protection officers’ duties consist of contacting all of the different departments in your company and making sure that they are all up to date with the most recent data protection practices. It includes making sure that HR disposes of past employees’ data correctly, that marketing does not use customer’s personal information against their wishes, and so on. There is simply no way that someone with subpar communication skills. And low emotional intelligence would be able to handle these tasks.
• A knack for teaching. Although it is not the essential quality to look out for, the ability to convey information in a way that will stick in their listener’s minds is a highly desirable trait when it comes to DPOs. Data privacy laws are still relatively young, and they are bound to evolve — it falls within your DPOs job description to keep all employees informed and educated of any changes to these regulations.

Final Thoughts

It’s been over two years; meanwhile, the GDPR first implemented, and it looks like the new laws are here to stay. There is no opinion in trying to avoid or outsmart data protection regulations because even if it is technically possible, you will end up spending much more time and money on keeping up such schemes in the long run.

The advantage of being able to compete in the European market is well worth the compliance, especially when you consider the fact that many governments across the world have started looking towards GDPR as the best model for data protection practices and seek to implement it in their own countries.