Group Data Protection Officer at Balfour Beatty
Q1. What do you enjoy most about being a DPO?
I enjoy the variety of working with all the different areas of the business and producing tangible solutions to challenges proposed by the business in respect of Data Protection and Privacy.
Q2. What data protection topic(s) would you most like to see updated guidance on and why?
Data controllers and data processors: what the difference is and what the governance implications are. Whilst the updated information on the website in respect of controllers and processors is useful, it would be useful to see this document specifically updated with the introduction of a section on cloud service providers. It would also be useful to have additional clarity around ‘joint controllers’ and ‘controllers in common’ designations, as we see a lot of confusion on these areas when engaging with other businesses.
Q3. What was the biggest challenge you had to overcome in 2018?
Creating and building a culture of data protection and privacy within my organisation as part of the implementation of our GDPR programme.
Q4. What advice would you give to someone looking to move into a DPO role?
Consider the organisation in respect of the risks they pose and do research to understand their approach to Data Protection and Privacy. Think about the challenges the organisation may pose and how you could address them. Think about your strengths and how you can use these within a DPO role to make it a success as well as acknowledging your weaknesses and what you need to work on to thrive in the role.
Think about your approach to risk management and mitigation and consider what your approach is in respect of data protection and privacy and how this is likely to interact with the business you would be working for and whether or not you can and would need to adapt your philosophy to meet organisational and legal expectations.
Q5. What do you see as the major challenge(s) in the year ahead?
Maintaining a sustained and engaged culture in respect of data protection and privacy. A lot has been made of organisations' preparation for GDPR, but the reality is the key to compliance is ongoing maintenance and management of the work you have undertaken to help your organisation comply with the legislation.
For more information on Matthew Kay and Balfour Beatty, please visit:
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.