Here is a summary of the key pain points for Data Protection Officers (DPOs):
Brexit, technology innovation, and communications regulations
Brexit will trigger a lot of policy changes. It has to be the key concern here when considering the stress factors for the Data Protection Officers (DPOs). Things may become much clearer after the transition period ends on 31st December 2020. New stricter policies may arise for companies operating in the UK at that point.
CCTV and data from its footage form a complicated aspect of technology. The public understands and demands their rights under the General Data Protection Regulation (GDPR) and also outside it out of awareness and education. Data Protection Officers (DPOs) now are receiving more requests to access CCTV footage. There has to be an effective and proportionate policy to deal with data subject access requests in this regard without compromising the privacy of others.
Image consents for marketing
The “legitimate interests” basis when using images is no longer adequate. You can just not show a marketing image to people, there has to be better consent and clear respect here. There are challenges in terms of recording consent and gaining clarity regarding the actions required when the consent is withdrawn.
Perhaps with time and monetary investment, this will improve.
Data security is a joint responsibility of a technology officer and a Data Protection Officer (DPO). However, the technology requires money and research and not enough businesses are willing to do that now. Even if this poses a risk to them. The realisation is taking much more time than it should. Greater penalties are going to perhaps, redirect the focus on compliance and data security provision.
Reporting and monitoring breaches fall under the key responsibilities of a Data Protection Officer (DPO). They need to make sure that the staff are aware of their responsibilities and they need to be proactive when making a decision regarding the breach and reporting it. This is one of the main concerns when it comes to handling chaos surrounding a data breach.
Cookies are confusing for non-technical people. This is why it is a shady compliance area. The issue is innocently overlooked on advertised third party products, or tracking visitors and on business websites. While ICO tries, there is little awareness of the subject. Businesses and their Data Protection Officers (DPOs) should rather look into products that can help them gain consent, record and track the use of their cookies. These are necessary for compliance and a relief for the data team. They must ensure that a company implements a GDPR compliant cookie consent banner on their company website to ensuring that the disable unwanted cookies, protect an individual’s data privacy and are compliant with the law.
The climate of the e-Privacy law and General Data Protection Regulation (GDPR) is evolving so there needs to be active involvement on the part of businesses to learn to adapt to it and cope with what is required of them.