Amelie is the designated Data Protection Officer (DPO) for a “virtual” company, non-core business operations and services are outsourced.
The creative team are always starting new projects and initiatives. New websites and micro sites pop up daily.
Amelie coaches the team in carrying out Data Protection Risk Assessments (DPIAs) using the template in the DPO Support Package. She impresses on them the need for due diligence checks on third parties and putting the right contract terms in place when outsourcing. The team use the template contract wordings in the Data Protection Consulting Toolkit.
The creative team love the website checklist in the DPO Support Package which they can use to check for mandatory content on websites and micro sites. Amelie only has to sample one in five of these from now on.
Like your style Amelie!
Update 8 June 2018
Amelie’s organisation is getting involved in Big Data projects on behalf of clients. The DPIA risk assessment identifies risks to individuals around data protection. Profiling is a particular concern.
This helps the team focus on the issues and identify appropriate solutions. The team consider using anonymised data to pursue their profiling objectives and that seems like a good solution. They agree how to carry out the processing so that the data used is truly anonymous and cannot be reverse engineered. (Reverse engineering de-identified personal data is an offence under the Data Protection Act 2018.)
Amelie joins the team for presentations to clients to help explain the importance of considering data protection risk in these projects and to recommend the anonymisation of personal data as a solution. Over time, Amelie’s colleagues agree that they will be able to take over her part in the presentations, training colleagues is a key part of the DPO role!