Organisations that appoint a DPO (data protection officer) will have a significantly different approach to information security than those that don’t.
The person who fills the position is responsible for monitoring the organisation’s data protection practices and helping staff understand their regulatory requirements, amongst other things.
Under the GDPR (General Data Protection Regulation), organisations are required to appoint a DPO if they:
- Are a public authority;
- Regularly and systematically monitor data subjects; or
- Process special categories of data on a large scale.
Even if you don’t meet any of these criteria, the benefits of having a DPO might mean that you choose to appoint one anyway.
Unfortunately, finding someone with the right skills is hard. Unless you outsource the responsibilities, you’ll face stiff competition when approaching candidates.
So instead of looking for the perfect person, you might be better off taking someone from inside your organisation and giving them a leg up via specialist training.
Here are three ways a DPO training course can turn a promising employee into an invaluable asset.
1. It will shore up GDPR knowledge gaps
DPOs are naturally expected to have an expert understanding of data protection law, and they should have received GDPR training.
However, the shortage of skilled DPOs means not every organisation will be able to appoint someone who already knows the Regulation inside out.
Many will have to make do with their resident data protection and privacy expert, who may well have a strong understanding of the GDPR, but will need to bone up on the Regulation’s requirements to fulfil all the DPO’s tasks.
Studying will also help DPOs understand how the GDPR works in practice. Those who are new to the job will quickly learn that there’s a huge difference between understanding the Regulation’s requirements and ensuring that the organisation implements them. It’s only through practical exercises that DPOs can learn to bridge that gap.
2. They need to learn how to be independent advisors
Arguably the trickiest part of being a DPO is liaising with employees on the organisation’s data protection practices.
DPOs must advise staff on their data protection responsibilities and monitor whether they are being met, but they must also operate independently and without instruction from the organisation.
This means an employer can’t help the DPO perform their duties, and the DPO can’t overstep their boundaries when advising employees on how to achieve compliance.
Doing so would effectively make them responsible for that activity, jeopardising their status as independent advisors free from conflicts of interest.
As such, DPOs must learn what they can and can’t say in their role, a skill that’s particularly important if they take on the responsibilities alongside their existing role.
3. It helps them prepare for disaster
DPOs play a crucial role in the data breach response process. The GDPR gives organisations 72 hours from the time they become aware of a breach to disclose it to their supervisory authority.
The disclosure should include explanatory details about the incident, such as what caused the breach, how many records were affected and the types of information involved.
It’s the DPO’s responsibility to record all these details (acquired from relevant members of staff) and relay them to the supervisory authority by email or phone.
The task itself is relatively straightforward if the DPO is sufficiently prepared. This generally means having the supervisory authority’s contact details to hand, as well as a list of the details you are required to provide.
A meticulous DPO might also prepare a list of employees who are best suited to providing the necessary information, as well as alternatives if those people are away from the office.
However, without specialist training, your DPO will have to figure out how to plan for breaches by themselves. (Remember, you can’t advise them.)
Maybe they’ll manage, but do you want to take the chance? Particularly when the stress and panic that come with a data breach could lead to your DPO making a crucial mistake.
Acquire the skills to become a DPO
This certificated training course will teach you the knowledge and skills to fulfil the DPO (data protection officer) role under the GDPR (General Data Protection Regulation).
Qualification | Achieve the C-DPO Provisional Level qualification (ISO 17024-certificated). Exam included in course. The course qualifies for 28 CPD/CPE points.
Gain the knowledge and skills to enable you to fulfil the DPO (data protection officer) role under the GDPR (General Data Protection Regulation) with this certificated training course.
Qualification | Achieve the C-DPO Provisional Level qualification (ISO 17024-certificated). Exam included in course. The course qualifies for 14 CPD/CPE points.
Watch our DPO webinar on demand
You can learn more about what it takes to be a DPO by watching our webinar: Challenges for data protection offices.
This presentation provides an in-depth explanation of the role of the DPO and its context within the GDPR, before going on to explain:
- The requirements for fulfilling the role of DPO under the GDPR, e.g. experience and qualifications;
- The responsibilities of a DPO and the types of activities that fall under the DPO remit;
- Key challenges faced by DPOs and how they can be addressed;
- Real-life examples of DPO activities that became complex and difficult to handle; and
- Options and best practice for filling the role of the DPO.