Do you really need a Data Protection Officer (DPO)?
The boom of technology raised many important issues. The protection of users’ data is considered to be a crucial one. The increasing number of internet scams, frauds, and acts of cyber terrorism was the driving force for the creation of the GDPR (General Data Protection Regulation).
At Sales.Rocks we see GDPR compliance as an opportunity to grow our business within the European Union by gathering and distributing data in lawful ways. Our Data Protection Officer (DPO), Vladanka, has a crucial role in it.
She has been a part of our team for half a year now. As a DPO, Vladanka is training the employees that are involved in data processing, conducting audits, interfacing with data subjects and providing advice on data protection impacts. Also, she is serving as a point of contact between Sales.Rocks and the GDPR Supervisory Authority.
Vladanka, when you started working for Sales.Rocks, the platform was still in the testing phase. Can you share your first steps on making the Sales.Rocks platform GDPR compliant?
When I was first introduced to the Sales.Rocks platform, the first step I took towards ensuring GDPR compliance was to understand how data moves in our company. Mapping the flow of data helped me identify potential risk areas that could provoke a GDPR compliance problem.
Last, but not least, I was preparing and conducting training sessions for my colleagues, informing them about the importance of data protection and raising awareness about the basic principles of GDPR.
The role of the Data Protection Officer is considered to be a complex, yet crucial job. What does your daily workday look like?
On a daily basis, I need to communicate with our CEO and the heads of every department regarding challenges like: the legal basis for data processing, the retention periods, the right to complain when customers are unhappy with our GDPR implementation, deciding whether data will be subject to automated decision-making, and protecting customers’ rights under the GDPR. In addition, I am continuously preparing GDPR onboarding training sessions for the new employees.
On the other side of the coin, part of my role as a Data Protection Officer is dealing with all the required legal paperwork for making our company GDPR compliant. This is often a challenge since finding the right template to document all of the processed data isn’t always easy.
What was the biggest challenge regarding data protection that you have faced while working for Sales.Rocks?
The biggest challenge was dealing with complaints from some of the clients. I put all my efforts into proving to them that Sales.Rocks is GDPR compliant.
The hardest part of being a DPO is earning clients’ trust on security, ensuring that they will continue to use your services.
What knowledge and skills are required for a person to become a DPO?
The starting point for a Data Protection Officer role is to have legal background knowledge and a technical background in the GDPR. In order to become an expert in data protection it is highly recommended to be certified by the EU board. As an alternative, you can take some online courses approved by the official EU sites. Moreover, as a DPO, you should keep up to date with the new changes in the EU regulation.
DPOs are likely to be dealing with controllers and processors from different countries. Therefore, a strong sense of business culture and open-mindedness is required when dealing with different cultures. The real challenge is to combine these differences into a successful result. Having soft skills, such as communication and active listening, is also a must.
In order to handle requests and complaints from the data subjects, as a part of the General Data Protection Regulation procedure, a DPO needs to be able to communicate with the average citizen and avoid using technical and legal jargon.
Why should companies become GDPR compliant? What are the consequences if they refuse to respect the General Data Protection Regulation?
Aside from paying high fines, it is also important to put the GDPR into perspective and ask: What is this regulation protecting? The answer for many businesses would be the trust between a company and its customers, between them and other businesses, and indeed throughout the whole data landscape.
Talking about consequences, the cost of neglecting to respect the GDPR regulation may result in fines from 2% to 4% of the company’s budget. Moreover, it can definitely cause serious reputational damage and lead to a breakdown in trust between an enterprise and its customers.
In the end, I strongly believe that the future belongs to companies that protect and respect their customers’ rights when it comes to their data. Companies need to take care of their data subjects’ rights and freedoms when it comes to their personal data. If you want to grow your business, you need to have your clients’ complete trust first.
At the end of the day, being GDPR-ready is not a one-time project. It’s an ongoing process, and I believe we are rocking it :).