Legal Compliance Officer and Data Protection Officer at Bauer Media
Q1. What do you enjoy most about being a DPO?
Being responsible for the overseeing of the data protection strategy and implementation to ensure compliance with GDPR requirements. It means that you work closely with external teams and external organisations, plus you also work autonomously at times.
Q2. What data protection topic(s) would you most like to see updated guidance on and why?
Cookies and data processing agreements with ad clients are a hot topic in our business and it would be good to get some more guidance on this, and some clear guidance on who is the data controller/data processor. Brexit is another topic that Is high on the agenda.
Q3. What was the biggest challenge you had to overcome in 2018?
The biggest challenge was GDPR as it impacted every department and practically every employee and it created a complex web of rules that we needed to translate to the business in a way that everyone could understand. As well as this there is an increase responsibility in having policies, procedures and controls in place to create an ethical business in regard to processing data and data privacy.
Q4. What advice would you give to someone looking to move into a DPO role?
Have a good knowledge of data protection law. Be able to act in an independent manner. Have broad business expertise to understand how the processing works and how privacy should be implemented to integrate smoothly. Be able to negotiate and have good communications skills as you have to speak to a wide-ranging audience, from board members to data subjects, manages, IT staff and lawyers. Plus, have a great enjoyment for paperwork and processes.
Q5. What do you see as the major challenge(s) in the year ahead?
The ongoing compliance of GDPR, to keep it in the forefront of the teams and remind them that it did not end on the 25th May 2018.
Brexit is another area that I feel is going to dominate 2019 and how the data will flow to and from the UK to EEA, this is likely to be via standard contractual model clauses, which means that the majority of organisations will have work to do around putting these in place.
The ePrivacy, the Regulations were intended to come into effect on 25th May 2018, alongside GDPR, it appears it is unlikely to apply in 2019, but it is something that we need to watch for.
We haven’t seen a major enforcement actions as yet, but the much-discussed potential fines of annual global turnover, remain forefront in most DPO’s mind. The increase in subject access requests is also a challenge for organisations. The fact that charges cannot be imposed, and the deadline is reduced, dealing with these is posing increased issues in that either the organisation fails to meet the deadline, or the individual is not satisfied with the response, which could result in complaints to the ICO, which potentially could lead to enforcement action.
For more information on Susan Voss and Bauer Media, please visit:
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.