Are you a Data Protection Officer? Advice from data protection expert

Filter By

Show All

Connect to


Are you a Data Protection Officer? Here are 5 pieces of advice from 5 data protection experts


For data protection officers accross Europe, pressure is mounting to get their organisations to be compliant with GDPR for the 25 May deadline. It's hard to know what to prioritise. At the ICO's Data Protection Practictioners Conference 2018 conference, 5 data protection experts gave their take on what the DPOs should be thinking about at this point.

  1. Know where to look rather than knowing by heart (for now, at least!)

The GDPR legislation is a biggie. It will take a while to know it all the ins and outs of GDPR legislation. That’s okay. Familiarising yourself with the layout of the legislation and knowing where you can find the right guidance will allow you to access what you need to know when you need to know it. Before long you’ll know it like the back of your hand.

  1. Use existing structures to implement change

There is no better way to make enemies in your organisation than by changing the systems which people are used to. There is no need to reinvent the wheel. Identifying how existing structures can implement change without having to change themselves will make things just that little bit easier. Doing this will also allow you to see which areas are not covered by your existing DPO structures and where you will need to make investment to ensure your organisation is covered.

  1. Stay at the front of the pack

The ICO realises that not all companies will be 100% compliant by May 25. According to Elizabeth Denham, it is not the ICO’s aim to chase down and fine anyone and everyone who hasn’t completed everything to the highest order. In saying that, emphasis should be placed on transparency and putting in place processes to account for as much as possible. Doing these really well will keep you at the front of the pack… and out the clutches of regulators.

  1. Be a go-to person

Many of your colleagues may find data protection a real pain. As compliance is so vital, every effort should be made to be a go-to person. Your colleagues’ first reaction should be to come to you with any questions or concerns. Being open, receptive and knowledgeable will help you create these necessary relationships. On a related note, it’s important to remember that regulators want to be that go-to person for you, too. Refer to their guidance and respond to their requests for feedback. This will shape the way they deal with you and your industry.

  1. Win over hearts and minds

It might be the case that many in your organisation are already won over by the benefits of GDPR and are willing to get their heads around what they need to do. This is great and you should use them to get the message out. Nonetheless, there will be plenty who need to be urged to accept the realities of change. There is no point doing this in an arduous manner. Remind them that this affects them as a consumer, too. When your colleagues see it from this angle they tend to be much more sympathetic to the aims and objectives of the legislation.

The DPO experts speaking at the ICO conference were:

Emma Butler, Yoti
Rowenna Fielding, Protecture
Claire Knight, L’Oreal Western Europe
Stephen McCartney, Pearson
Robert Streeter, News UK

For more GDPR guidance from the DMA, click here

Hear more from the DMA

Please login to comment.