In this post, we will delve into the importance of the Data Champion role within organisations and how it can help embed good data protection practices throughout different business areas.
At DPAS, we have spent the last six years assisting organisations of all sizes in becoming more data-aware. However, we understand that this process is not always easy. We have helped many organisations create an internal governance structure to ensure that the business is protected from risk, staff are supported, and there is an important data protection confidential firewall to protect the rights of data subjects.
Our goal is to educate teams on the Data Protection Unit and associated roles, to help ensure that employees understand what the future may look like and how they can best handle data protection in their organisation. Let’s dive in!
We’ve worked with different organisations on establishing a governance structure. This helps ensure that employees understand what the future may look like, and how they can best handle data protection internally. This involves educating teams on the Data Protection Unit, and associated roles.
The roles in your Data Protection Unit
The Data Protection Officer (DPO)
The DPO represents the interests of the data subjects (not the organisation) and liaises with the ICO wherever needed. They also inform the Board on data protection issues.
We understand that some organisations will not have the legal requirement to have a Data Protection Officer. However, having that confidential, independent DPO is often good practice in organisations where large amounts of data is processed.
The Governance Board
The Governance Board make decisions about levels of risk they accept. They take into account DPO advice, along with material information from the Data Protection Manager and Data Champions.
The Data Protection Manager (DPM)
The DPM is someone who ensures data protection issues are being dealt with appropriately and within timeframes. This can be a time demanding role in most organisations. They are the key contact for the DPO and will have undergone extra data protection training.
Where does the Data Champion role fit?
There should be a Data Champion from each business area that will help channel information on data protection within their department, and ensure tasks are completed for the Data Protection Manager.
The Data Champion should undergo a full training day and will be the ‘go-to’ person responsible for overseeing data privacy matters in their business area.
These people are responsible for encouraging a privacy culture in their business areas and ensuring any concerns or queries, especially regarding potential data breach issues, are expediently escalated to the organisation’s Data Protection Manager.
If you’d like to see a typical Data Protection Champions Job description, please click here.
So… How do we get the Champions sufficiently trained to enable them to complete their delegated role of a Data Champion?
Ask your Data Protection Officer or Data Protection Manager to create a training programme for your Data Champions, which should include the following topic areas:
- What is personal data and why does it need to be protected
- Data protection principles
- Employee data protection obligations
- Employee training and awareness
- Information rights for employees
- Key considerations for disclosing personal data to external third parties
- What is special category data and the correct procedures for handling information such as trade union membership, medical and sick absence data
- How to complete a DPIA (Data Protection Impact Assessment)
- How to manage a data breach
- Managing SARs (Subject Access Request)
- Updating a ROPA (Record of Processing Activities)
Or outsource your training requirements
We have been delivering Data Champion training courses onsite or virtually for the past four years, to both public and private sector organisations. Our one-day course includes the above topic areas. We can also design a bespoke course for your Data Champions, with any additional requirements you may have.
Prices are as follows:
- One-day public Data Champion Training – £495 – Book here
- Onsite one-day Data Champion Training, maximum of 20 delegates – £3,600
- Bespoke Data Champion Training, one-day onsite course, max 20 delegates – £3,600