Whilst the DPOs primary remit is to manage all issues that relate to the protection of personal data, they also need to understand the business they offer guidance to. Without this understanding of the business demands, the DPO will not gain the credibility they need to support the organisation in strengthening data protection weaknesses. Getting close to strategic decision-makers is vital to ensure buy-in.
As a Chief Data Officer (CDO) when designing your data strategy, the DPO should be your best friend, they are there to help the business be accountable and be the voice of your customer. While in some circumstances data protection can be black and white, it’s not always that simple, it is principles-based and as a result, there is not always a right or wrong approach, your DPO is there to help justify the businesses stance. It is a mistake to think that the DPO ‘does’ compliance, they are your consultant, there to explain the art of the possible, legally. And without input from business teams, they cannot provide the right advice.
It is a regular and expected anticipation that tech and data teams start a shiny new project using data to gain insight, inspire a new product, or create value between parties. Without early engagement on data protection, a proof of concept could be created with flaws or potential legal issues. Many people think they understand data protection, but a little knowledge can lead to over-confidence in the state of the product, and ultimately lead to re-work and frustration over the implementation because the teams have not executed a data protection first strategy. This early engagement can mitigate dark patterns and ensure a positive solution is created from the outset.
Combining your data strategy with the privacy program creates a joined-up approach, a win-win method to maintaining protection whilst enabling data to become a commercial asset. Working together, the CDO and DPO can review approaches and raise questions before they become blockers, to reach the desired outcome, where the business is fully informed as to its data risks. It helps ensure that both parties are aligned to the organisation’s strategic objectives and prevents wasted time building something that is not privacy viable.
At the heart of every data strategy, we must remember the source of that data. It comes from individuals, the very subject of data protection and privacy legislation. Ensuring that the individuals’ data is collected, stored and processed respectfully must underpin the commercial strategy.
Once you have designed and implemented your strategy, the DPO can be a big asset to making sure everyone follows the processes and procedures, acting independently to the data team, they can help embed new and improved processes. Auditing the userbase and keeping everyone on the desired plan.
Ultimately this leads back to building and increasing customer trust with the value exchange open to all parties. Let the DPO focus on the data protection obligations and security so the CDO can focus on the value add to the customer and the business.
Written by: Karen Watson & Mark Lugg