Digitalisation is the way to go if a business wants to survive in today’s economic environment. The Covid-19 pandemic, which has devastated the global economy, has proven that those that can quickly adapt and implement digital transformation are the ones that will make it through adversity without too much trouble.
However, malicious actors know how important digitalisation is to businesses, and this makes customer and employee data incredibly vulnerable. Businesses will want to ensure that this data is protected, and such is the task of a Data Protection Officer (DPO).
In a short interview with HR Asia Magazine, Kevin Shepherdson, CEO of Straits Interactive, reveals that the tasks of a Data Protection Officer (DPO) can be summarised into the acronym G-A-P-S-R:
Firstly, the DPO’s task is to assist the organisation to govern how personal data is being collected, used, disclosed, or stored within an organisation according to the requirements of the Personal Data Protection Act and relevant data protection laws.
From an operational perspective, the responsibilities of the DPO include:
Assess the risks relating to the processing of personal data; this includes conducting a data protection impact assessment (DPIA).
Protect the organisation by developing a data protection management programme (DPMP) against these identified risks. This includes implementing policies and processes for handling personal data.
Sustain the above compliance efforts by communicating personal data protection policies to stakeholders, including training, conducting audits, and ensuring the ongoing monitoring of risks.
Respond to and manage personal data protection related queries and complaints, as well as liaise with the data protection regulators (local and/or international) on data protection matters, especially if there is a data protection breach.
With the ongoing pandemic and lockdown situation, a pattern of increased online transactions and e-commerce has emerged. New privacy-intrusive technologies are being used to process personal data. In addition, the entire world is pressing the reset button in terms of data protection laws and requirements.
However, Kevin states that things have been thrown into disarray as organisations have other priorities to meet in the midst of the pandemic. Despite this, he is confident that the demand for DPOs remains robust.
According to Kevin, the first important benefit of having a DPO in an organisation is to prevent the organisation from having a data protection breach and to demonstrate accountability to the regulators. Additionally, DPOs can aid in guiding the organisation to reach the level of data protection standards that the organisation is looking towards attaining, e.g. Data Protection Trustmark (DPTM) in Singapore. They do so by assessing the risks involved by looking at the data map of the organisation and identifying gaps as well as recommending the relevant actions that the organisation should take according to the strict DPTM requirements.
Having a DPO onboard can also do wonders for both the customer and employee experience. Kevin states that the DPO needs to work with the various departments to set up the necessary data protection policies. In the process of operationalising them, the DPO will need to work with the respective line managers to map out the organisation’s data map and identify gaps, as well as make recommendations to address the gaps; this ensures that the data in the organisation’s possession is secure and protected and is consistent with stated policies.
This will give customers and staff the assurance that the organisation is taking precautions in keeping employee and customer data safe. This also helps employees, especially those in customer-facing roles, to have confidence in reassuring customers that the organisation is reliable and will take the utmost care in handling their data.