On this year’s ‘Data Protection Day’ I was kindly asked to share some thoughts in a blog. I thought about writing something academic, something practical, something though provoking. Then I thought, well, we do that throughout the year and will continue to do that throughout the year.
So this year I thought I’d go rogue and actually write something about (and for) Data Protection Officers (DPOs) themselves. And by DPOs I also mean any of us that work with Data Protection and would call ourselves a ‘Data Protection Professional’.
Then the plan changed and I thought, stuff if, I’ll take it for my blog as I want to share with you just how brilliant the profession is and share with you some thoughts on nurturing your own professional development.
Changes to the DPO Role
First, currently, the Data Protection and Digital Information Bill is looking to remove the ‘formal’ role of a DPO and replace it with a ‘senior responsible person’. Quite what that might mean for the DPO role, who knows. I can see people simply keeping the DPO role as it currently is, especially if their DPO is currently ‘senior’. I can also see a ‘DPO’ going back to an operational officer title and the ‘responsible officer’ role being dumped on some poor soul on the Board.
And if that happens, the same challenges some organisations have with SIROs will simply apply here. Maybe with some more depending on what the Bill ends up saying about what that role is responsible for. Don’t look at me like that, we all see it. Some SIROs are brilliant and some, just aren’t. And the ones that aren’t, funnily enough, end up with an ineffective IG function because it doesn’t have the support it needs. But I digress, the point is that vague roles simply allows for vague standards and I’ve blogged on this before.
Regardless of what the Government says, I firmly believe that as a ‘Data Protection professional’ it is up to us to decide what our roles should be and what our professional standards should be. Even if they do dump the role on a senior person they’ll still need the practical knowledge that we, as professionals, have.
Question for you, have you written yourself a personal development plan?
This could be one with your organisation or one for yourself if your organisation doesn’t do them (or are pants at it). If not, I recommend you do!
Take a little time to be honest with yourself and say what areas you feel you might be weak in or areas that you simply want to grow and expand on. That will involve being honest with yourself, but it’s a valuable conversation and exercise to do. Think of the obvious things but also think of the individual skills needed to do the various things we do as DP professionals. Incident investigation, for example, requires a raft of soft skills from investigation skills through to communication and presentation. (Some might say even counselling skills when things go really wrong).
That should give you areas for you to invest in. If your employer then can and will invest in it, then great. If not, then see what is out funding and what courses are there to help you grow and shine as a professional. Some of these things can be difficult to find, but they are out there. Funding for courses, mentors, apprenticeships, discounts, etc. I’m still collating lists of such things for my own use and I still find more and more all the time.
If anyone wants some tips or a chat about their personal development plan, do get in touch!
If you can’t find any funding or courses etc, badger your professional membership body. That’s what they are there for (amongst other things), to help your development! So ask them to signpost you to these things and get your money’s worth. Even if it is just signposting you to a professional mentor, that alone can be worth its weight in gold for your own development.
Finally, a parting note to organisations and employers
A DP/IG professional will be one of the most resilient, patient and valuable employees you’ll ever have. We clear up organisational messes, we counsel and support staff, we see all areas of the organisation, we ‘get’ data and the impact it can have (good or bad) and many of us do all this on a shoestring budget.
Regardless of what the law says about the role of the DPO, the need to get your customers, staff, patients etc data right, keep it secure and just make it work will always be there. So we DP professionals will also always be needed, and regardless of whether you think we are here for Data Subjects or the organisation, we are a valuable asset to your organisation. Ignore or devalue us at your peril!