The Data Champion Role

The Data Champion role is key within organisations. It can help embed good data protection practices across different business areas. This article explores the data protection unit, and how best to train your data champions.

At DPAS we have spent the last four years helping organisations of all shapes and sizes. But becoming more data aware is not always simple.

We’ve helped many large organisations to set up their data protection processes within their internal teams. This has included changes to ensure they are ready, and able, to handle data protection issues internally. 

We are often asked ‘what is the best way to set up data protection governance teams within the organisation?’

We’ve worked with different organisations on establishing a governance structure. This helps ensure that employees understand what the future may look like, and how they can best handle data protection internally. This involves educating teams on the Data Protection Unit, and associated roles.

The roles in your Data Protection Unit

The Data Protection Officer (DPO)

The DPO represents the interests of the data subjects (not the organisation) and liaises with the ICO wherever needed. They also inform the Board on data protection issues.

We understand that some organisations will not have the legal requirement to have a Data Protection Officer. However, having that confidential, independent DPO is often good practice in organisations where large amounts of data is processed.

The Governance Board

The Governance Board make decisions about levels of risk they accept. They take into account DPO advice, along with material information from the Data Protection Manager and Data Champions.

The Data Protection Manager (DPM)

The DPM is someone who ensures data protection issues are being dealt with appropriately and within timeframes. This can be a time demanding role in most organisations. They are the key contact for the DPO and will have undergone extra data protection training.

Where does the Data Champion role fit?

There should be a Data Champion from each business area. They will help channel information on data protection within their department, and ensure tasks are completed for the Data Protection Manager.

The Data Champion should undergo a full training day and will be the ‘go-to’ person responsible for overseeing data privacy matters in their business area.

These people are responsible for encouraging a privacy culture in their business areas and ensure any concerns or queries, especially regarding potential data breach issues, are expediently escalated to the organisation’s Data Protection Manager.

This image shows the typical structure of the data protection unit. Please click to expand.

If you’d like to see a typical Data Protection Champions Job description, please click here.

So… How do we get the Champions sufficiently trained to enable them to complete their delegated role of a Data Champion?

Ask your Data Protection Officer or Data Protection Manager to create a training programme for your Data Champions, which should include the following topic areas:

  • What is personal data and why does it need to be protected
  • Data protection principles
  • Employee data protection obligations
  • Employee training and awareness
  • Information rights for employees
  • Key considerations for disclosing personal data to external third parties
  • What is special category data and the correct procedures for handling information such as trade union membership, medical and sick absence data
  • How to complete a DPIA (Data Protection Impact Assessment)
  • How to manage a data breach
  • Managing SARs (Subject Access Request)
  • Updating a ROPA (Record of Processing Activities)

Our Training Solution

We have been delivering Data Champion training courses onsite or virtually for the past four years, to both public and private sector organisations.

Our one-day course includes the above topic areas. We can also design a bespoke course for your Data Champions, with any additional requirements you may have.

Prices are as follows:

  • One-day public Data Champion Training – £495 – Book here
  • Onsite one-day Data Champion Training, maximum of 20 delegates – £3,600
  • Bespoke Data Champion Training, one-day onsite course, max 20 delegates – £3,600

To enquire about the onsite courses, please click here.