Since May 2018, the General Data Protection Regulations (GDPR) requires companies to assign a “DPO”, or Data Protection Officer within their organization. This new job consists of managing personal data and informing employees of obligations to be respected in regards to the European regulations.
More than a year after the implementation of these regulations, we at Zeenea organized a workshop with DPOs from different business sectors with one idea in mind: How to help them in their GDPR implementation? We would like to share their feedback with you today.
To better understand Data Protection Officers and their function, let’s assess their current situation.
Our audience affirms that the applications used are only a means for implementing governance on data.
Enterprises have nevertheless adopted new tools to help DPOs put GDPR in place. These software are considered to be unintuitive and complicated to use. However, some manage to stand out:
Among the DPO’s tools, one of the most appreciated ones is the catalog application, mainly for its macro vision of the exchanges between different apps, and the easy and rapid detection of personal information.
At the same time, data catalogs, one of the most recent tools in the market, are starting to reach the DPO community. Investing in these tools is a strategic choice that some participants have already made. The possibility of informing and historicizing information on data by collecting catalogued company data, has indeed convinced them!
DPOs are well aware that the efforts must be placed on acculturation and raising employee awareness in order to hope for better results.
The search for governance only aims to help the business side understand and assess the risks on the data they handle. Their energy is thus placed on the implementation of effective management and communication of shared rules so that the company acquires the right reflexes. Because yes, data remains a subject that few employees master in business.
The heterogeneity of information systems is a “normal” environment with which DPOs are confronted.
They are thus faced with trying by all means to bring IS into conformity, which very often prove to be complex and costly to update technically.
We associate GDPR Data Regulation with DPOs, often forgetting the “the rest of the world”.
Many countries also have their own regulations such as Switzerland and the United States. DPOs are no exception and neither are their companies!
One thing is certain, the scope of the work is gigantic and requires a strong prioritization of subjects. But beyond the priorities linked to urgency, this requires finding the right cursor between meeting compliance standards and meeting business requirements!
The challenges of DPOs for 2020
In light of this previous observation, the workshop concluded with 2020 and its new challenges.
Together with them, we drew up a list of “resolutions” for the new year:
- Invest more in improving the qualification and requirements for data documentation,
- Integrate more examples on good practices in the employee awareness phase,
- Provide precise indicators on the use and purpose of the data in order to predict the risks and impacts as soon as possible,
- Become a stakeholder in the implementation of data governance to guarantee effective data acculturation in the enterprise.