Data Protection Officer at Homeserve and iStorm Solutuions
Q1. What do you enjoy most about being a DPO?
It’s not often someone asks what is enjoyable about being a DPO! For me, the most enjoyable part of the role is helping people to realise that data protection and privacy can actually be a really great asset to a business and most importantly that it doesn’t have to be a complicated, legalistic activity!
I have spent much of my career working on this basis, dispelling myths, looking for innovative solutions to privacy related problems and generally helping businesses to understand their risk better. Seeing a business get a better understanding of the benefits of privacy related compliance is a really great feeling.
Q2. What data protection topic(s) would you most like to see updated guidance on and why?
I’d like to see a much greater focus on accountability. Accountability is a key principle under both the GDPR and a solid privacy framework but it is often really hard for a company to grasp what that actually means in practice. There is a lot of great guidance available from the ICO and trade/private organisations but it can be quite high level or principle based.
In my experience businesses want real life examples and case studies that they can relate too, rather than just tick box guidance or best practice ideals. Accountability will look different for everyone but good examples of best practice in guidance documents goes a long way!
Q3. What was the biggest challenge you had to overcome in 2018?
The biggest challenge was convincing people that the GDPR is not just a fad and that the 25 May was not a deadline and was actually the beginning of a whole new era in data protection. There was such a huge influx in the number of “quick fix solutions” and templated privacy programmes that were available that I think people really started to believe that they just had to be compliant by that date.
Trying to explain to someone that being “fully compliant” is, in my opinion at least, not possible because of the nature of the GDPR and the fact that a good privacy programme is always evolving is a real challenge. I still feel like there is work to do in 2019 and beyond, but I do think the perception of what data protection means has seen a fundamental shift and the general public and businesses alike are starting to take notice.
Q4. What advice would you give to someone looking to move into a DPO role?
My first piece of advice would be to get involved as soon as possible. You don’t need to start applying for roles straight away but start looking for opportunities within your business to get involved. Speak to your DPO (if you have one) or whoever is responsible for data protection and ask them if you can help.
Next, I’d start reading, read everything, ICO guidance, news articles, Linkedin etc. and sign up for free seminars and webinars so you get an idea of what is really involved. Once you’ve done that and decided a DPO role is for you, you can look into more tailored courses such as the BCS Certificate in Data Protection or the CIPP/E.
Remember though that there is no substitute for experience, so the sooner you get involved from a practical perspective the better.
Q5. What do you see as the major challenge(s) in the year ahead?
2019 is all about trying to maintain the momentum that we picked up last year. The challenge is how to do it. 2018 was a pivotal year for data protection and privacy as a whole, but it can easily become tomorrow’s chip paper if we don’t keep pushing forwards.
There are some fantastic new events coming into the industry and there is a real buzz so hopefully we will see another stellar year for the DPO profession and privacy rights overall.
For more information on Richard Merrygold and iStorm and Homeserve Solutions please visit:
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.