With the likes of the EU GDPR and the CCPA coming into effect and evolving over the last few years, the role of the data protection officer has been called into question.
Many organisations have teams dedicated to security that handle data protection, but studies have shown that there is a lack of efficient communication between security staff and the c-suite, which has led to security being pushed down the list of priorities.
This is why a data protection officer has been called for; a figure either coming into this role while already in another executive position, meaning that they hold two positions at once, or someone with the relevant experience who has come in from another company.
Don’t get left behind
With the constant changing of data protection regulations in mind, this could be the ideal solution for any company that is struggling to keep track.
Data protection and privacy – time to take it seriously
“The regulatory landscape has changed dramatically, requiring organisations that benefit from collecting user data to be responsible for protecting that data,” explained Eran Brown, CTO EMEA at Infinidat.
“GDPR is no longer the only privacy standard out there. As these technical and regulatory challenges push us towards a more holistic approach to data protection, organisations will benefit from having a data protection officer — but only if they are given a clear mandate to work across traditional infrastructure teams and to find the right tools to protect the data with the minimal level of complexity.
“This will, in turn, improve their ability to automate backup processes and reduce operational costs.”
Collaboration is key
In the lead-up to GDPR being first introduced in May 2018, a study by the IAAP predicted that 75,000 data protection officers would be needed around the world to deal with the masses of company data that had to be secured under the regulation.
Additionally, the presence of a data protection officer is now mandatory under EU regulation.
However, data protection officers can’t afford to work alone, and must ensure that everyone is on the same page.
According to Adrian Barrett, CEO of Exonar, this doesn’t just mean that communication between security staff and the c-suite is required.
“Making data protection business-as-usual requires someone with complete oversight of what this should look like,” said Barrett. “Data protection is a collective effort, requiring initiatives such as staff training to empower ownership and responsibility, but also the technology tools to automate data governance and embed it within business processes, and it’s up to the DPO to drive it, proving it’s still a vital role for businesses.
“Facing the ongoing challenge of taking data governance to the next phase, DPOs are needed more than ever before. 2020 will be the year when data shifts from being a liability to a business asset, where compliance moves beyond a tick-box exercise, and where policy turns into practice.”
Factoring data protection into a digital transformation strategy
A change in approach rather than staff?
For some experts, a data protection officer may not be the only solution that companies need to protect their data.
“Companies need help setting up systems and strategies for good data governance, and they need these as quickly as possible because the volume of data continues to swell and rise,” said Andy Cotgreave, data evangelist at Tableau.
“As more business leaders start to understand the value of prioritising data in their organisations, chief data officers, CTOs, data protection officers and CIOs must adjust their approach and start to think smart about how they control and influence technology within the business, in turn while balancing trust and governance of data.
“Whether or not your organisation has a data protection officer, the role is about more than just protection. As a business, you need to have a data leader who is championing the value of data – this includes ensuring strong data governance and driving best data practices throughout your organisation.”