Importance of DPOs
The Facebook-Cambridge Analytica data scandal in 2016 and the outcry against WhatsApp in 2021 clearly demonstrate how sensitive consumers are when it comes to privacy. For many, the reaction justifies the data protection laws and the creation of data privacy software in various jurisdictions across the world.
After printing was first invented, privacy became a concern when the potential of information to be widely circulated became apparent. Eventually, the flow of information brought about “rights” conflicts between the wider establishments and the individuals.
The post-war development of technology brought about the Information Age. In the Information Age, data helps organisations to be more effective and efficient in the way they produce, communicate, operate and organise themselves. The Internet connected the world and within a few years, organisations and individuals transitioned from desktop to mobile devices.
The Need for Data Protection Laws
To safeguard the interests of individuals, legislation played a catch-up game to ensure organisations are provided the right guidance. This involves balancing consumer rights, individual rights, and economic and business ethics and requirements.
The Rise of the DPOs
Most jurisdictions have put in place legislation that helps ensure organisations demonstrate accountability and responsibility in the collection, usage, disclosure and storage of personal data. As part of this legislation, many organisations have been required to appoint a DPO or Data Protection Officer.
For example, the GDPR requires the processor/controller to designate a DPO if they are going to store or process massive amounts of EU citizen data, monitor data subjects regularly, store or process special personal data, or are a public authority. This covers most of the business operations in the EU in the Information Age.
What You Should Know About Data Protection Officers
The primary role of data protection officers is to ensure that personal data of the staff, customers, providers, and other individuals are processed in compliance with the applicable data protection laws.
Appointing a DPO should be based on professional and personal qualities. However, particular attention must be given to the candidate’s expert knowledge of data protection.
A thorough understanding of how the organisation operates is also considered a must. It is also crucial that a DPO has knowledge of data protection trends. Gaining certifications, such as by way of PDPA training, is also recommended so that they can perform their roles better.
Data protection officers have to juggle the fields of business operation, governance, law, consumer ethics, and compliance and risk management. While this can seem like a tall order, it is considered crucial in view of all the risks organisations are exposed to today.
Tasks of the DPO
A DPO needs to make sure that the rules of data protection are respected in cooperation with the data protection authority. In EU bodies and institutions, a data protection officer must:
- Make sure data subjects and controllers are aware of their data protection rights, responsibilities and obligations, and raise awareness about them.
- Give recommendations and advice to the institution regarding the application and interpretation of data protection rules.
- Create a register of processing operations with the institution and inform the European Data Protection Supervisor (EDPS) about those that present certain risks.
- Make a register of processing operations with the institution and help it to be accountable in this respect.
- Handle complaints and queries on request by the institution, other persons, the controller, or on their own initiative.
- Cooperate with the EDPS (this is in terms of responding to requests about investigations, inspections conducted, and handling of complaints).
- Draw the attention of the institution to any failure to comply with any data protection rules that are applicable.