Are you facing the same GDPR problems as most?
We asked a number of Data Protection Officers and GDPR Leads in Education what the most common GDPR problems they come across are. Interestingly, most of the answers were the same, so we thought we would put together a list of GDPR problems and some ways to resolve them.
1. Not Enough Time
Yes, we all struggle with it. Often, a DPO also has one or more other roles within the School. School Business Managers and Senior Leadership Teams are often the first point of call when seeking a new Data Protection Officer. These roles are often picked because the DPO is required to be a senior manager and needs a really good all-round understanding of the school. However, Business Managers have to co-ordinate much of the non-teaching activity and the members of the SLT have to combine teaching, line management and other development projects.
We can’t make extra time (if only!) but where we can help is to ensure that you focus on the highest priority items. Whether it’s through our GDPR training, getting visibility through the Sentry System or even getting us to take on some of the load, we can help you deal with GDPR more efficiently.
2. Lack of GDPR Knowledge
It is no surprise that many DPOs don’t understand the full complexities of GDPR requirements, such as data mapping, retention schedules, when a breach should be reported to the ICO and the web of complexity in a data protection impact assessment. The Data Protection Officer is responsible for advising on the interpretation of the regulations with all the difficulties that real life can throw at a situation.
Here at GDPR Sentry, we offer GDPR Training, from basic staff awareness training to complex Data Protection Officer training to ensure you have all the knowledge you need for your compliance journey.
3. 24/7 Availability
DPOs have holidays, and rightly so! When on annual leave, a Data Protection Officer is unlikely to want to be available to discuss breaches or the response to a subject access request. Most DPOs would prefer not to have to be available at weekends and in the evenings. However, if a breach occurs and it needs to be reported to the ICO, this needs to be done within 72 hours of when the breach was discovered.
We recommend other members of your team are up to date with GDPR, so that in the event of absence, breaches and SARs can be dealt with efficiently and correctly. We can even provide out of hours or holiday cover to support the DPO.
4. Conflict of Interest
In the real world many decisions are driven by calculations of cost and benefit. The Data Protection Officer is expected to always put data protection first, even when this may create higher costs or cause issues for the organisation. For DPOs who are juggling more than one role this can create conflicts of interest where data protection is balanced against other priorities.
The DPO is meant to have no role in decision making about data processing at the same time as being a senior manager. Outside of very large organisations this is almost impossible to achieve. This is most evident during a data protection impact assessment.
We can support the risk assessment of an impact assessment, ensuring that every angle is considered and that you have an objective perspective for your initiative.
5. Getting a Second Opinion
If you are a Data Protection Officer and you come across something you are unsure of, where do you turn? A lot of DPOs we work with have admitted they feel like there is no support. They are expected to be the ‘go to’ person for all things data protection. However, due to a combination of the points above, a newly appointed DPO unfortunately can’t know everything about such complex regulation.
If you can relate to any of the above GDPR problems, you are not alone. GDPR Sentry are here to support Data Protection Officers with their role, offering a range of one-off or ongoing support services. To speak to our GDPR Experts, click here.