GDPR
Data protection support works full-time with GDPR-related tasks
Larger companies should hire at least one person with the role of data protection support who works with GDPR-related tasks full-time. It is also the person who assists all other departments of the company in matters related to GDPR.
- Often the contact point for the supervisory authority.
- Has both a guiding and coordinating role.
- Provides support to the different departments and functions within the company.
Data protection support has an important guiding function
The purpose of having a data protection support is to be able to guide the other parts of the organisation. For example, through clarifications, interpretations and training. However, not all companies need to hire a person with such a role. Instead, the company can hire an external lawyer, or give internal lawyers extended tasks. It is usually larger companies that have their own data protection support that works with GDPR-related tasks full-time.
The data protection support can be provided by the company's lawyer, but does not have to be
It can be a lawyer who is data protection support, but does not necessarily have to be. It is important that the person who gets this job role has knowledge about GDPR, but also about communication and technology. Larger companies usually have a lawyer, but the lawyer often works with many legal issues and is not usually an expert on GDPR. In addition, in-house lawyers often lack the time required to work with the internal GDPR work as much as a data protection support usually needs to do, especially in the first few years before the structure becomes clear.
Data protection support acts as a spider in the web
Data protection support acts as a spider in the web regarding the internal data protection work within the organisation. They often build up a lot of knowledge about data processings within the organisation and therefore it is good for management to use this knowledge. For example, if a company has a data protection ambassador in each department and they need help, it is the data protection support that usually provides the help.
Data protection support can be an important asset to the management
As data protection support works with all departments in the company, they gain important knowledge and experience about how the company processes personal data in practice. This is necessary information in order to comply with the legislation. Therefore, data protection support can be an important asset to the management of strategic issues.
Regularly follow up on GDPR-related documents and agreements
Companies must have certain GDPR-related agreements and documents to comply with the regulation. In addition, it is common that these need to be updated and regularly followed up. Data protection support should be the person who does this. Please note that this must be done in accordance with the strategic objectives set by the management or the board of directors.
It may also be that a data subject points out something wrong, that case law changes or similar and that the company therefore needs to change something in its GDPR-related documents. In order to be able to follow up on the company’s GDPR-related documents and agreements on a regular basis, the data protection support should have regular meetings with the data protection ambassadors.
Ensure relevant training and adequate resources for data protection support
It is important to provide the right resources and training for data protection support, so that they can do their job in the best possible way. Examples of topics that may be useful to train data protection support in:
- GDPR.
- Communication and marketing.
- Complementary national/international laws to the GDPR.
Learn more
Data protection ambassadors act as the extended arm of data protection support
It is good to appoint data protection ambassadors in a larger company, in order to spread information about GDPR within the organisation in a quick and efficient way. Another word for data protection ambassadors is coordinators. Every department of the company, such as sales, marketing, production, and customer service, should have at least one data protection ambassador. For example, if a customer service employee has a minor GDPR issue, they can talk to the data protection ambassador in the same department. This reduces the pressure on managers who can focus on other things.