Risk & Compliance Case Studies

Addressing privacy challenges at an international bank: the DPO and the benefits of outsourcing

The challenge

  • The client needed to replace their Data Protection Officer (second line).
  • The client also didn’t have a Privacy Officer (first line).
  • These roles are difficult to fill as they require specific legal and organisational understanding.
  • In the case of this international bank, the global aspect added another layer of complexity.


Our approach

  • Initial assessment of the client’s compliance with GDPR and privacy legislation through a quick scan.
  • Improve privacy awareness among employees to reduce the likelihood of data leaks or breaches.
  • Mitigate the impact of the absence of a Privacy Officer.
  • Evaluate new products and perform risk analyses.


Key results

  • The client is assured of GDPR and privacy compliance.
  • Efficient risk assessment allows the bank to confidently introduce new products while complying with data protection and privacy laws.
  • Our on-site presence and flexible schedule allow us to be easily accessible to the client when needed.
  • The added value of an external DPO is increased independence, extensive practical experience and a holistic view.
  • As the external DPO becomes more familiar with the organisation, their ability to provide effective solutions increases.

Date: December 9, 2022

Faced with the challenge of replacing its internal Data Protection Officer (DPO), our client - a branch of an international bank specialising in mortgages - turned to us for support. Starting with an initial assessment to get the lay of the land, we've been ensuring the bank's compliance with GDPR legislation ever since. As independence is a critical part of the DPO's role, it's always a good idea to outsource this important task to an external party such as Projective Group. 

A unique profile for a unique role 

Our client is a branch of an international bank that specialises in mortgages and plans to expand its services to include wealth management. When they were suddenly faced with the loss of both their internal Data Protection Officer (DPO) and their Privacy Officer (PO), they didn't know what to do. How do you replace someone with such an intricate responsibility of understanding both the organisation's operations and the complexities of privacy laws and regulations?  

As Projective Group has a longstanding relationship with this client, where we've worked with them on several projects and provided general compliance services, they turned to us. Our existing partnership provided a solid foundation for addressing their specific DPO needs. "The ideal DPO must combine extensive legal knowledge with practical insight into the organisation's operations. They have to strike a balance between being legally sound and ensuring that privacy policies fit seamlessly into day-to-day operations," says Eric de Vries, who has taken on this challenge. 

From a quick scan to lasting results 

As always, the first thing we did was a quick scan of the client's compliance with GDPR and privacy legislation. We checked whether the policies, processes, website, documents, privacy statement etc. were in line with the legal requirements. This baseline assessment is crucial to justify our recommendations and identify areas for improvement.  

One of the things that came out of this scan was the need for greater privacy awareness among employees. "One of the things we've all heard about when it comes to privacy is data leaks. The majority of leaks are caused by employees - not maliciously, but accidentally. Leaving a document on the train, inadvertently forwarding an email to someone who shouldn't see its contents... By improving awareness of these risks, the likelihood of data breaches is significantly reduced," says Eric de Vries.

The majority of data leaks are caused by employees - not maliciously, but accidentally. Improving privacy awareness significantly reduces the likelihood of data breaches. 

Eric de Vries, External DPO

The importance of independence 

Whether it's risk assessment, data privacy impact analysis, regular meetings with stakeholders or flagging critical privacy and data protection issues, the DPO must always be free from top-down pressure or conflicts of interest. Independence is a fundamental part of the DPO's role. That's why it may be better to outsource to an external party who brings not only independence but also extensive practical experience and a holistic view.

"A good DPO will make sure you've got the risks covered, but at the same time will not say no to all projects because they're too risky. You need someone who is independent, experienced and knows the ins and outs of the organisation," says Eric de Vries. "The advantage of an external DPO is that they can be deployed quickly, but they can also stay for a long-term partnership. The better they get to know the organisation's processes, the better they can think along in terms of effective solutions and possibilities". 

Eric is available to the client two days a week, but his schedule is flexible when there are urgent issues to deal with, such as a data leak. So there's no need to worry about availability, even with an external DPO. 

Conclusion 

In a world where data protection regulations are constantly evolving, having a reliable and adaptable Data Protection Officer is a strategic advantage, even if your organisation isn't legally required to have one (because not all companies are). There are many benefits to hiring an external DPO, from greater independence to a broad knowledge of laws and regulations across different industries and insight into practical implementation.  

Are you looking to hire or replace a DPO? For a short or long term partnership? Our privacy consultants are skilled and experienced and can fill the position of DPO in a practical and professional way, as well as provide support to your internal privacy team. 

About Projective Group

Established in 2006, Projective Group is a change specialist in the financial services sector. It has extensive expertise in the following areas: Data, Payments, Transformation and Risk & Compliance.

We are recognised in the industry as a provider of complete solutions, partnering with financial services clients to deliver solutions that are both holistic and pragmatic. We have evolved into a trusted partner for companies that want to thrive in a constantly changing financial services landscape.