So you’ve read our post asking ‘do we need a Data Protection Officer’ and you’ve hopefully checked out the GDPR wording. Hopefully you’ve also had your legal folks review it for you before concluding that you don’t need to assign a Data Protection Officer.
But, maybe you should anyway…
There are a few reasons why you might want to consider it and we’ll outline them below.
1. It’s time to be proactive
If there’s one thing GDPR is showing us, it’s that data is a serious issue and losing control of your data can have business-crippling consequences, to both your bottom line and your reputation. Assigning a Data Protection Officer before the need arises could be a smart move to keep you ahead of the curve, and ensure you’re on top of your data security before mistakes have a chance to creep in.
2. Be audit-ready
If a user lodges a complaint for any reason, or if anything happens with your existing data, or even if it doesn’t, you might suddenly find yourself under the scrutiny of an audit from your data protection authority. If this happens, you could have as little as 72 hours to present your documentation and any required defence. If you have a DPO in place already, then you should be on top of this and ready to go. Furthermore, having a DPO assigned when you’re not obligated to is a clear sign of your efforts to stay compliant.
3. Show you genuinely care
Privacy in 2018 is no longer a pre-filled box-ticking exercise. It’s about privacy by design, it’s about data retention policies, it’s about genuine dialogue with data subjects. Importantly, it’s about actually caring about personal data. Assigning a Data Protection Officer, and taking the role seriously, tells your clients and your staff that this is how we roll – we care about your data and we’re going beyond our requirements to take care of it.