"Ny lov om persondata koster firmaer millioner" ("New personal data law will cost organizations millions")- Børsen 1. Feb 2017
- are all warnings about what needs to be done before 25th of May 2018, and firms are scrambling to get to grips with the situation.
EU’s General Data Protection Regulation (GDPR) will have major implications for most companies, but what exactly, when and to whom? Do you need a DPO (link to article) and who shall it be? What is personal identifiable information (PII)? Where in the company should the DPO responsibility be placed? Many firms are without a doubt, busy trying to answer this very question.
Exampels of positions
- Master Data Manager
- Data Governance Architect
- Enterprise Information Architect
1. Definition af DPO role:
What is a DPO? What qualifications should one poses? Should it be a lawyer or one with an IT background? Should the position be based around IT, finance or legal? How do we assess if a candidate is qualified. Which decision rights should be assigned to the DPO. These were the questions from one of our clients, after attending a DPO conference. The Client is a C20 business, with a consumer customer base, and a business model containing large amounts of data, GDPR will therefore have major implications for them, and they will need a centrally placed DPO in order adapt to the new requirements.
We have payed close attention to GDPR since it became a reality, we have a certified DPO as well as a strong network of specialist on the field, we were therefore able to help the client in defining the role.