What Background Makes a Good DPO?
By Yunique Demann, Associate Director Risk – Data Privacy
The enactment of the EU General Data Protection Regulation (GDPR) formalized the role of the Data Protection Officer (DPO) role to ensure there was senior leader in the organization who was responsible and accountable for driving the privacy program and upholding the rights of data subjects and their data.
The role of the DPO is to implement a data protection strategy that aligns with GDPR and other privacy laws that supports business objectives and reduces risk. The DPO oversees the development, implementation and maintenance of data privacy and data protection policies and ensures the organization processes personal data of data subjects (employees, customers, and other individuals) in a compliant way that reduces the potential for data breaches and protects the data throughout its lifecycle with that business. DPOs should operate independently, with full support from executive management all the way through to the board.
As the need for privacy professionals increases, the pool of qualified individuals with the knowledge and capabilities comes largely from two groups: privacy lawyers/legal privacy professionals and the IT privacy professional from an IT and/or security background. The privacy lawyer focuses on privacy laws and provides legal guidance and direction on compliance with those laws. IT/security privacy professionals have a good understanding of the law and can also provide guidance on implementation of privacy requirements. They usually have a deeper understanding of the security and risks factors associated with compliance based on their closeness with the business and can provide guidance on technologies, process and procedures that support the security of processing.
Both roles are effective and approach privacy from a different perspective, and both can function in the role as a Data Protection Officer (DPO). An effective DPO does not need to come from a legal background but a good understanding of law is a mandatory requirement for understanding privacy requirements.
There is another role that can become a DPO – compliance officer – but he or she must demonstrate independence when overseeing the privacy function. Under GDPR, the DPO must be free from conflicts of interest. In a recent case, the Belgian Data Protection Authority fined an organization €50,000 for failing to ensure the DPO was free from a conflict of interest. Therefore, in meeting requirements specific to GDPR, although the DPO may fulfill other tasks, the tasks related to compliance must not result in a conflict of interest.
The career trajectory for a privacy professional also can evolve into becoming Chief Privacy Officer (CPO). The person in this role should be comfortable with owning the privacy program as it pertains to developing policies and liaising with IT/security and vendor management. In this role, the IT privacy professional may have a head start, but this in no way excludes the privacy lawyer from creating these relationships and gaining the necessary knowledge.
With the introduction of ISACA’s new Certified Data Privacy Solutions Engineer (CDPSE) certification, privacy professionals have a new opportunity to assess their privacy-related skills against a new globally recognized standard. CDPSE is the latest credential from ISACA for those who participate in the design, implementation and management of technology solutions that store, process and transport personally identifiable information (PII).
Having a formal certification provides the external validation that those performing in the function as a DPO are qualified and meet a recognized criterion for managing a privacy program. IAPP and now ISACA are leading the way in developing internationally recognized certifications in this area, although there are multiple country regulation-specific certifications for privacy around the world.
As someone who has come from a security background, I have found my background has been a complement to my current role as a DPO and has helped me collaborate with the IT and security teams in supporting the privacy program. I choose to pursue additional post-graduate qualifications for navigating the different privacy laws and gaining legal skills. The certifications available now can better equip privacy professionals with the skills and knowledge they need to excel in their DPO roles.
PMI Virtual Experience Series Call for Proposals
Do you have a great idea for a presentation? Consider submitting it and be a part of our inaugural Virtual Experience Series
Submit your proposal here: https://na.eventscloud.com/eSites/534079/Homepage
Any questions? Please contact email@example.com.
Just three months ago we launched the ProjectManagement.com Community Ambassadors Program, an initiative to provide community members with additional support resources who facilitate and encourage constructive conversations as well as assist members in navigating the community. We are happy to announce that our Ambassadors, Emily Luijbregts and Andrew Craig, will be our presenters during our Q2 “Discover PMI – Ask Us Anything Series!” scheduled 27 May 2020 at 11:00AM EDT.
During the “Getting the Most out of Online Community with ProjectManagement.com’s Ambassdors” you will learn the following:
The community’s first Ambassadors, Emily Luijbregts and Andrew Craig, will be on hand to answer any questions. Whether you are new to the online community or are looking to become more involved, the Ambassadors can certainly help you to maximize your experience – find out how!
We hope all of you can register for this exciting webinar. Please click here to register!
Thank you all, and we wish you well!
First and foremost, I know that the entire world may in a state of uncertainty and/or anxiety. This feeling only demonstrates that we are all human, something we all have in common. As Coronavirus causes the usual delivery of programmes around the world to be disrupted, we here at PMI are working hard to support the ProjectManagement.com community through this period of uncertainty. As we embrace this uncertainty together, I urge you all to “March On” and Remain Strong! We have valuable resources and information here on the site to keep us informed and up to date, so I encourage you to keep tabs on the on goings within this fabulous community, solely comprised by YOU! So, let’s begin!
The World Health Organization (WHO) has declared the coronavirus outbreak a global pandemic. Given that action, you may be required to work at home given the continued spread of the coronavirus-19. There is little doubt that is putting remote work to the biggest stress-test ever. Continue reading Kevin Coleman’s Blog post that reveals how this virus-related work at home experience of employers and employees will influence the future of work forever.
Can You Believe It? The PMXPO 2020 Virtual Event is just two weeks away!!! So that means there’s plenty of time to register for this live, FREE event on 26 March! Whether you’re a seasoned PM or new to the field, it's your opportunity to learn, network with thousands of your peers, earn PDUs and a badge, and broaden your perspective on project management—all from the comfort of your home or office. And best of all, it’s all free! You definitely don’t want to miss our Keynote Presentation—Building Unstoppable Teams: How a House Built a Family, presented by Cara Brookins. Register Now for PMXPO 2020!
REMINDER: Our virtual Ask the Expert Webinar Series will focus on the Healthcare industry with the first webinar scheduled Monday, 16 March 2020. Our Experts are: Lori Wilson and David Davis. Register here so you don’t miss out on this important topic!
Did you miss our most recent “Ask Us Anything” series on 27 February 2020? If so, no worries, you can now watch it On-Demand! This webinar, “We Are Many, We Are One! Discover The Face To Face Community Aspects Of PMI: It’s 300+ Global Chapters!” explored the value of PMIs 300+ chapters across the globe to learn how you can benefit from engaging with the one close to you. Face to face exchange with your PPPM peers - close by - in your language - relevant to your career, your industry and your market. You will also learn how chapters align to and deliver on PMIs strategy, how they are created and run, and how you can get involved even as volunteer! Check it out!
Check out PMI’s new offering, the PMI Ascent Certificate. With 4 clear, practical, actionable tools, this course will teach you how to build a shared vision with your agile teams, lay the foundation for a productive collaboration and create project plans that enable agility and ensure success for your projects. Click here for detailed information and FAQs.
Ambassadors Program Reminder: Our Community Ambassadors, Emily Luijbregts and Andrew Craig, are here to help you – ask them about anything from navigating the community to networking to career advice! Please feel free to reach out to Emily & Andrew with a direct message via the Inbox.
That’s all for now, we encourage you to check back for future updates within the Critical Path blog. Thank you for all of your feedback and engagement and keep up the good work!
Have you registered for the 13th annual PMXPO Virtual Conference scheduled on 26 March 2020? If not, I urge you to take a sneak peek of our Keynote Speaker, Cara Brookins, a bestselling author who rebuilt her broken family by building her own house watching “how-to” videos on YouTube. The subject of an upcoming movie, Cara shares her inspiring story filled with determination, passion and grit. Cara shares tactics to blend an imperfect mix of personalities, talents and temperaments into cohesive, unstoppable teams. CLICK HERE to register!
As always, YOU are driving force within the Community, and we cannot thank you enough! Continue posting your intriguing subject matters or questions in our various Discussion Forums. We want to hear about them all, and help you get to where you're going today and tomorrow. Your feedback and ideas are most welcome!