At DPAS we have spent the last two years helping Organisations of all shapes and sizes to become more data aware. We’ve hand-held many large Organisations through changes to ensure they were, and are, ready to handle data protection issues internally.
We are often asked, ‘What is the best way to set up data protection governance within the Organisation?’ We’ve worked with different Organisations, putting in place different structures depending on their current governance structures, to help them understand what the future may look like for them and how they can best handle data protection issues within their Organisation.
We feel the best way to handle Data Protection within many Organisations is as follows:
We understand that some Organisations will not have the legal requirement to have a Data Protection Officer, but having that confidential, independent DPO is often good practice in Organisations that process lots of data.
Most of the clients we work with are now set up in the above way, and use DPAS for that external, independent DPO advice as and when required. Most use only a couple of days per month.
The role of the Data Protection Unit is as follows:
– Deals with transactional activity from the business and data subjects
– First point of contact in the business, 1st line SME
– Manages SAR, Rights to and Assurance
– Guardian of Policies, Procedures, DPIA and guidance
– Manages training delivery
– Manages IG governance & reporting
– First call on breach incident
– Leads relationship with DPO
– Filters organisational escalation to Legal team – 2nd Line
There are many benefits to having a Data Protection Unit:
– Provides IG control within the business
– First point of contact in the business, 1st line SME, therefore ensuring a single point of contact
– Manages SAR, Rights to processes ensuring delivery
– Provides consistency in Policies, Procedures and guidance for DPIA
– Manages training delivery to ensure compliance
– Manages IG governance & reporting for business
– First call on breach incident and decides escalation to DPO
– Leads relationship with DPO ensuring only assurance
– Filters organisational escalation to Legal team – 2nd Line, to ensure that the legal team only deals with 2nd line enquiries
We can help you to put in place structures like the above and train those sitting in the Data Protection Unit: ‘data protection managers’, ‘data champions’, ‘data guardians’ and so forth.
If you’d like some help or advice, feel free to give us a call on 01392 914019, or email firstname.lastname@example.org