If your organisation processes personal data you may be legally obliged to appoint a Data Protection Officer (DPO).
The requirements placed on organisations which need a DPO can be quite onerous:
- There can be no conflict of interest with other roles. For example, the person tasked with driving marketing can’t be a DPO because they can’t be “marking their own homework”, asserting that they are preserving data privacy and protection when they may feel compelled to “test” the regulation by using personal data in a way which isn’t compliant. Similarly, the person tasked with your cyber security can’t be a DPO because you need someone to objectively ask “Is our cyber security actually good enough to protect data subjects?”
- The DPO needs to be an expert in the regulation, which requires training and then provides opportunities for the newly-trained person to leave for a better job (it happens).
- The DPO needs to be able to report to senior management in the organisation and separate themselves from their day job. The DPO needs to be able to tell senior management things that they might not like to hear, which is often very difficult for staff members.
Athene Secure offers the Hermes Service to organisations which can’t take on a dedicated DPO, don’t have the budget to provide training and don’t want to pull staff away from their daily responsibilities to the business.
For a monthly retainer of one hour, you can use Athene Secure as your nominated DPO for liaison with the regulator and your data subjects and use that hour to ask questions around your data protection. Athene Secure will also advise on changes which your organisation may need to undertake in order to remain compliant with the requirements of the regulation.
In the unfortunate circumstance of a data breach, Athene Secure steps into action and deals with the regulator on your behalf, communicates with the data subjects and mitigates issues, allowing you to continue to operate in your day job.