Head of Data Protection and Commercial Data Protection Officer at News UK
Q1. What do you enjoy most about being a DPO?
Every day is different. The DPO is engaged in every project across the organisation that involves personal data, giving you incredible opportunities to contribute to the commercial and strategic direction.
Q2. What data protection topic(s) would you most like to see updated guidance on and why?
It would be great to see more detail on the changes that have been made to existing guidance by the ICO. We know they are working hard to develop new and existing guidance but it can be tricky to tell what detail has been added, removed etc. The ICO’s GDPR pages are incredibly useful and this should continue to be developed.
Q3. What was the biggest challenge you had to overcome in 2018?
There was a considerable amount of compliance fatigue by May this year. Teams had been working flat out for the better part of twelve months on our GDPR transformation project and had really had enough by the time the GDPR came into play.
There was no doubt that the project had been a tremendous success to that point but it became painfully apparent to those more used to project deadlines, that GDPR didn’t end on the 25th May. We used the launch of the new regime as an opportunity to pause, recognise success and then double down on the remaining items that needed to be completed.
Q4. What advice would you give to someone looking to move into a DPO role?
Passion and enthusiasm nearly always turn what can be a dry subject into one that captures the imagination – the same is true of data protection and privacy
Q5. What do you see as the major challenge(s) in the year ahead?
Compliance needs to be hard coded, in every respect, into your people and systems to facilitate compliance with your obligations. Yes, GDPR was about ensuring you had the right policies and processes in place to facilitate compliance but that alone isn’t enough. Systems and people need to change too.
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.