
#AmCham #DataProtectionMonth: Ask the #DPO

by AmCham Romania May 5, 2022

What are the tips & tricks for engaging the management and the business in a data protection program? How can a data protection professional bring on board the management and the business when it comes to implementing data protection rules? Did it become easier over the years?

The first step to improving data protection for organizations is conducting a risk audit and then creating a risk register. The second step is to make sure that the DPO reports directly to the highest level of management of the organization.

Data protection must be prioritized at the highest levels of your organization in order to implement the best solutions. Apart from being aware of the growing number of fines being issued, C-level executives may not be aware of the specific measures required to comply with the numerous rules, or why they are so critical. That's where you, as the DPO, come in and can resonate the business side of GDPR compliance for the organization, both the benefits and challenges.

Executive buy-in is essential to drive a culture of privacy and security throughout an organization. Although a top-down approach will help to emphasize the importance of data privacy and security for the organization, it will still be necessary to explain to employees why data privacy and security are required, what the main risks are, and how risk reduction will help the business. Employees need to understand the part they play in achieving a common data privacy and security vision — but in an engaging way, not one that is condescending or demeaning.

As data breaches continue to become the business risk of the decade, the ability and importance of being ‘in control’ of your organization’s personal data handling should especially be emphasized to management. Furthermore, as consumers become more conscious of the data they provide, it should be communicated to management how much trust your organization can gain by putting data protection at the heart of its operations.

DPOs need C-level management to help them excel in their roles within the organization. As such, having open, direct, two-way communication between the DPO and those in charge of business is vital for both parties. It’s so important for C-level to acknowledge the importance of putting data protection at the heart of the company, but also to go beyond, and continuously support the DPO in carrying out the tasks for compliance.

How do you see the future of data protection, in general and in your organization? Do you see any trends & developments in terms of data protection that will ease or make more challenging the work of a data protection professional? Does, for example, the rapid adoption of technology and the increased need for more tailored marketing campaigns keep you awake at night?

GDPR is still associated with large fines in general. That's terrible, in my opinion. Because if you're doing something about GDPR because you're afraid of fines, you're approaching it from the wrong angle.

I completely understand why people are concerned about large fines. Still, it means that much action is motivated by fear rather than the opportunity to protect something that belongs to someone else – their personal data. That alone should be enough to convince you to take GDPR seriously.

Complying with the regulation creates transparency and accountability towards customers, partners, and authorities, increasing trust and improving organizational reputation.

GDPR-compliant companies can make better business decisions and forecasts as they are able to trace customer trends in real time, and determine why certain customer trends are happening, and how sales might be affected.

Technological evolution shows that the number of users who share their data is constantly growing. As a direct effect of this increase, the entire data lifecycle has been extended, along with the number of entities that have access to it.

Issues associated with emerging technologies (AI, blockchain, etc.) from a personal data protection perspective may include possible re-use of the user's data without his knowledge and without reasonably expecting it, or re-identification of users whose data have apparently been pseudonymized or anonymized, based on the very large volume of data available and the extensive possibilities for correlating or connecting such data.

However, technology plays a key role in the GDPR compliance process. Technologies to improve privacy have emerged in this regard (Privacy Enhancing Technologies). Data Masking and Privacy-Preserving Computations can facilitate compliance with the principle of integrity and confidentiality of the GDPR, and may also cover the principles of liability and limitation of purpose, depending on the technique or context of the processing operation used, like Secure Multiparty Computation used in blockchain technology, Homomorphic Encryption, Private Information Retrieval and use of Synthetic Data.
