Despite the seemingly endless Covid pandemic, DPOs must continue to find their way towards GDPR conformity while also considering what added benefits this can bring to their companies. The issues of cybersecurity and digital sovereignty must also be addressed, because both bear directly on compliance.
The health crisis that has greatly disturbed our lives for the last two years has turned DPOs' focus away from their main objective, ensuring GDPR conformity for their organisations, towards other urgent topics: strategic changes aimed at guaranteeing the survival of the company, organisational and managerial changes, the implementation of working from home, and the deployment of collaborative tools.
During this tumult, DPOs have, for the most part, found themselves isolated. They have at times been assigned to projects that are only adjacent to their usual tasks, such as cybersecurity, which came to the fore with remote working. As a result, GDPR conformity work has been delayed.
Rediscover the path of internal and external collaboration
DPOs must now rediscover the path of collaboration with all departments within their organisation: sales & marketing, purchasing, IT systems management, and human resources (HR), as well as external collaboration with partner companies and subcontractors.
General management must also be strongly involved and offer full support to their DPOs. After almost two years of having to prioritise sustaining and protecting their companies during the pandemic, they must now revisit any projects that got left by the wayside.
Go beyond the simple issues of compliance
GDPR compliance doesn't just consist of creating documents and static procedures that are sent to the archives for no one to open again. The procedures must be embedded in the daily routine of every business unit of the organisation, starting with general management.
GDPR compliance isn't a simple folder that can be put together in order to tick all the boxes. GDPR must bring value to the company.
Beyond GDPR compliance, data is a source of strategic insights. Banks and insurance companies have become masters in their processing and operation by analysing data. Companies in other industries can learn from their example.
Understand the topic of cybersecurity as a whole
Cybersecurity is very closely related to GDPR compliance and can no longer be ignored by data protection officers. When a company embarks on an ISO/IEC 27001 certification process, the main risks relating to the protection of personal data are addressed, including confidentiality, integrity, availability, identification, and retention period. It is therefore in DPOs' interest to take an active interest in cybersecurity.
The cyberattacks on AFNOR and Bureau Veritas, in February and November 2021 respectively, proved that any organisation can be the victim of this type of malicious act. Even if cybersecurity is an indirect issue for DPOs, in the event of a personal data breach it is the DPOs who will be in charge of initiating the notification procedures: to the supervisory authority (within 72 hours of becoming aware of the breach, under Article 33 of the GDPR), and to the affected customers, partner companies, and employees.
Take into account the question of sovereignty
Finally, as part of their company's responsible digital policy, DPOs must pay close attention to the digital sovereignty of their hosting provider. Where and how company and customer data is stored, whether sensitive or not, can no longer be left to chance.
The dramatic fire that occurred in one of OVH's data centres in March 2021 testifies to the highly strategic nature of the choice of cloud provider(s). The fifty or so companies that are now bringing a class action against this French hosting provider should have asked themselves a number of fundamental questions before selecting their provider. In the context of GDPR, the question of data transfers must lead all DPOs to consider precisely where, and under what conditions, their organisation's data is stored.
As we can see, the challenges facing DPOs in 2022 are numerous and diverse. In the face of the health crisis, DPOs must assert themselves with general management and business departments in order to continue their GDPR compliance work. At the same time, they must integrate the issues of cybersecurity and the digital sovereignty of their hosting providers, while reflecting on how to bring ever more added value to their organisation.