New DPO? These 3 steps will take you in the right direction

by Sypher | Published in Resources


As the new Data Protection Officer (DPO), you play a central role in helping your new employer comply with data protection regulations.

Your first few weeks in the role are crucial, and getting off on the right foot will have a positive impact on your working relationships with colleagues and stakeholders.

So, how do you start? 

Step 1 - Assess your organisation’s readiness to demonstrate compliance

When starting a new job, it can be easy to lose focus, especially when urgent matters demand attention. While dealing with these pressing issues should be your primary focus, make sure you also take the time to conduct an objective assessment to see where you stand.

If you're able to spend some time with your predecessor going over the privacy management program, this will be easier. If not, you’ll have to do some digging to find the information you need.

At this stage, you are just trying to do a quantitative gap assessment - identifying what documents and information you have and what you need - so that you understand what you need to plan for.

For a detailed checklist, here is a free 10-minute online self-assessment tool that covers the key topics. The report also provides suggestions on how to close each gap and is instantly available (no email or contact details required).

Step 2 - Establish priorities and make a plan to address them

With a list of gaps in hand, but limited time and resources, now is the time to pick your battles. Here are a few suggestions:

  • For each gap identified, rate the importance and urgency, then multiply the 2 scores to get the final priority. The higher the score, the higher the priority.
  • Discuss with key stakeholders and validate the priority of each item on your list. Sometimes there may be other factors to consider, such as strategic initiatives that should be given higher priority.
  • Look at each gap in detail and make a high-level action plan to estimate how long it will take to close it. Use this information to set clear milestones for the first three months, six months and first year. This exercise will not only help with your regular performance reviews but also with your annual reporting to management. 

Need some inspiration? Sypher’s built-in project plan provides step-by-step guidance for the most common tasks. 

Step 3 - Secure the support & resources needed to deliver 

Experienced professionals know that you can have something fast, cheap, or good, but you can only choose two of those options.

Assuming that "good" is a given, the only question that remains is how urgently you need to address the gaps. Investing in the right tools will save both time and headaches for everyone with data protection responsibilities.

Here are a few other suggestions to consider:

  • Don't be afraid to ask for what you need to achieve your goals. Use your plan to support your request for resources, whether it is more staff, a budget for training and technology, or access to industry experts and specialists.
  • Privacy management is a team sport. Engage your colleagues and make it easy for them to play their part. 
  • Make it a point to regularly report progress (or lack of it) to senior management. Keeping them informed of what you are doing and any roadblocks will help them understand what is going on and the level of support they need to provide.

To learn more about how to engage your colleagues, overcome technical challenges and get buy-in from management, take a look at this article: Navigating the roadblocks to a successful privacy management program.

