Despite the overwhelming demands and lack of resources, there are a few key steps DPOs can take to begin to successfully tackle some of these challenges.
Step 1: Set up governance and gain access to subject-matter experts
As a DPO, make sure you get support. Therefore define the different tasks, roles and responsibilities to establish a privacy governance. Build a virtual, internal privacy management organization with the support of top management and distribute the work to many people. Make sure you get access to data protection experts as well as specialists in cyber, audit, compliance and IT inside and/or outside of your organization. This will improve your multidisciplinary knowledge about data protection issues and will help you to handle and provide comprehensive solutions for data protection-related business cases.
Step 2: Organize your workflows and outsource
Set up a central point of contact for the operational handling of data protection specific requests such as for data subject rights (deletion, rectification, access, portability) and for data protection impact assessments.
Keep in mind that GDPR allows for the outsourcing of these types of activities, which may reduce your administrational overload and cost. It’s dealing with the sheer volume of data requests that demands high administrational effort on the part of DPOs.
Step 3: Automate GDPR management
DPOs are currently handling tasks manually. However, many of these tasks could be automated to save time and money. This means that you automate processes that reoccur and ensure the continuous execution of such processes such as for example:
- Training on a continuous basis
- Conducting periodic status queries (i.e. Is data minimization being performed?)
- Reviewing risks and effectiveness of controls
- Preparing management reports
- Ensuring automatically that roles and responsibilities are filled and permanently assigned (fluctuation)
- Entering and maintaining processing records
To make the DPO’s life a little bit easier, we’ve put together a portfolio of DPO support services to assist you.