Discover exclusive, practical insights into privacy and GDPR in Sypher's Data Protection Conversations.
Today we are talking to Laura Vasile, DPO at Dr Leahu Dental Clinics, provider of integrated solutions for dental health. Laura's strong legal education and experience make her a valuable Data Protection Officer for a medically focused company, where privacy is paramount.
[Read the original version, in Romanian here].
In my view, the biggest challenge for a DPO, regardless of the field, is balancing the needs of the business with the requirements of data privacy.
I believe that this challenge can be overcome by developing policies and procedures that protect personal data while allowing the business to operate efficiently. By conducting risk assessments and working with other departments in the company to integrate data privacy into the design and development of systems and processes, the need for costly, subsequent changes can be avoided.
As a Data Protection Officer in the healthcare industry, I consider a specific challenge in this field to be the management and security of patients' medical data. As this data includes medical information, diagnosis, treatment and the patient's medical history, and is sensitive personal data, it benefits from special protection under the General Data Protection Regulation.
In the healthcare industry, the processing of sensitive data must be done with utmost care, respecting the principles related to the processing of personal data in accordance with data protection regulations, such as implementing strict data processing measures and procedures and complying with them, avoiding excessive processing, carrying out regular checks on compliance with data protection policies, procedures and laws, training staff involved in the processing of sensitive data on security and confidentiality procedures, and respecting legal data retention periods.
As DPO, the most time-consuming activity is the constant monitoring of data processing processes, identifying areas for improvement and providing support to comply with good practices in the field of personal data protection.
The activity I enjoy most in compliance management is when I bring the team up to date with the latest legislation in the field of personal data protection, because by training employees the risks of human error decrease and the work is done efficiently.
My least favourite compliance management activity might be the analysis and resolution of data subject requests. These requests need to be dealt with quickly, promptly and efficiently in order to respect data subjects' rights and data protection regulations.
In order to have a comprehensive perspective on the protection of personal data, I think it is important to have diverse sources of information. The sources from which I draw my information are conferences or events organised on data protection, as well as books and publications written by data protection experts. I also follow the European Data Protection Board, the European Data Protection Supervisor, the National Supervisory Authority for Personal Data Processing, etc.
To me, success means being happy and fulfilled in what you do and achieving your professional and personal goals. I believe that in order to be successful, we must accept even our failures and persevere in our efforts to achieve our goals.
In conclusion, I would like to stress that compliance with data protection law should be a priority and a fundamental value for any organisation.