Featured in JEP’s Expert Panel – 22nd June 2018
The second area I mentioned last week was weak, informal arrangements to manage and deliver effective governance of data protection, e.g. no clear line of responsibility or ineffective recording.
Having a Data Protection Officer (whether required by law or appointed voluntarily) or data protection manager, together with representatives from different areas of the organisation as part of a working team (i.e. “privacy team leaders”), will help to co-ordinate efforts effectively and quickly, and to instil data protection awareness into the DNA of your organisation. Proactive, regular meetings to discuss your data protection issues, review the effectiveness of your policies and procedures, and incorporate new project assessments will help keep awareness and focus alive in your organisation.
Setting up formal “Registers” to record the handling of data subject access requests, data breaches (whether reported to the commissioner or not), cyber security incidents and staff training is key to being able to manage, monitor and report on (e.g. through KPIs) the effectiveness of your organisation’s data protection governance.
Ultimately, the board of directors, trustees or partners need to lead on this governance topic and ensure that they have a formal mechanism in place to get regular reporting on, and insight into, the status and progress being made in this important area.