“Working as a Data Protection Officer is set to become the most desirable and sexiest job of this decade”, said the editor-in-chief for DataIQ magazine in 2016. And indeed, the DPO profession is growing fast and will continue to grow even faster. IAPP estimates that as many as 75,000 new DPO positions will appear worldwide in response to GDPR. The increase highlights an apparent demand for DPOs, but it doesn’t reveal the challenges when working as a DPO.
At DPOrganizer, we work with a number of DPOs striving to effect positive change through privacy management. Here are the top five challenges we’ve noted DPOs like you face as they pursue true transparency and full compliance in today’s personal data-driven economy (and how to overcome them).
1. Lack of resources
Almost half of DPOs don’t have a dedicated privacy team. Under-resourced DPOs are a very real problem. DPOs have many operational tasks on their plate, and those without staff are likely struggling to keep up.*
Possible solution: A DPO needs to use their communication skills to convey the importance of data protection in order to get more resources. In most cases, this involves training of staff and senior management to help out with privacy issues.
*Source: EY Privacy Governance Report
If there is a privacy team in the organization, the DPO still has an obligation to be independent. Therefore, many DPOs often sit off to the side of the core privacy team.
Possible solution: Work to build data protection into the daily operations in the organization. A DPO should never act on their own, and everyone facing customers or employees needs to be involved in data privacy issues.
3. The broad remit
A DPO must tackle everything from training and educating the organization on privacy issues to handling consumer access requests, to interacting with local regulators.
Possible solution: Take inventory of your situation and hold off doing anything that isn’t a priority right now. Give less attention to lower-priority tasks, and put all your effort into a few top tasks that you have to do.
4. The workload
Data subject access requests, breach notifications, data protection impact assessments… About 40 percent of organizations have done a minimum of six data protection impact assessments since May. The man-hours involved vary from organization to organization, but can be overwhelming.*
Possible solution: Delegate. Holding on to too many tasks is a common mistake that many managers make and, often, leads to a situation where many objectives fall by the wayside as a result of taking on too much.
5. Insufficient tools
Mapping and inventory operations are often conducted with manual or informal tools, such as email, spreadsheets, and in-person communication. Almost 45% of DPOs use these basic tools, which can be risky and make the work extra tiresome. Top management may have limited awareness of the benefits of investing in a tool, and little desire to do so.
Possible solution: Translate the risks and benefits of GDPR and of working with manual tools into top-level management language. Avoidance of fines, risk of lawsuits, reputational risks and enhanced data subject trust are arguments that are most likely to hit home.