Frustrated man

The lone data protection army

Top 3 data protection program issues and how to start resolving them: #18

Being a Data Protection Leader can be a lonely job.

You don’t always get invited to meetings where you know you should be present.

You may work with a shoe-string budget and getting buy-in to your work is a daily challenge.

Your work may not be valued by others, and this gets you down.

Data protection is complex and in many companies, one person doing the job exposes the company to risk, is not sustainable and can be stressful for the individual responsible.

Many days are an uphill struggle for you.


#1 SPOF

When you’re away on holiday, or off-work ill, you know you’re the single point of failure (SPOF) when nobody has taken on your tasks in your absence.

All mails in the shared mailbox remain unread.

You are the glue that makes data protection hang together in your company.

Without you, it will all fall down and your company is even more exposed than it was before.

If you leave the company, your replacement probably needs to start from scratch, establishing their framework, rather than taking over yours.


#2 Beyond ad hoc

If you are familiar with capability maturity models - yes, there are a few for data protection - you’ll know there are several levels along the lines of:

  1. Initial (chaotic, ad hoc, individual heroics)
  2. Repeatable (documented sufficiently such that repeating the same steps may be attempted)
  3. Defined (defined/confirmed as a standard business process)
  4. Capable (quantitatively managed in line with agreed-upon metrics)
  5. Efficient (includes deliberate process optimisation and improvement)

Lone leaders are often level 1.

I’m not saying you need to be at level 5, that will take years.

Aiming for level 2 or even 3 is worth considering.


#3 All the stress

You should be anticipating and embracing change - new laws, changes to existing, emerging tech, and so on.

Your risk management system must be living and breathing.

Your ROPA must be up-to-date.

You need to keep your company’s workforce motivated through a cadence of education, training, and awareness.

And those are just the obvious tasks.

And then there’s the daily, ongoing problems, or fire fighting.

You need help and support.


Purpose and Means help Data Protection Leaders refresh their work focusing on business alignment and orchestration.

We’re based in Denmark, but operate globally.

If this issue resonates, book a call to discuss your requirements!

Petruta Pirvan
Tim Clements
March 2, 2023

Blog

Other posts

June 2, 2023
Disseminating policies
Tim Clements
May 27, 2023
Ineffective controls
Tim Clements
May 26, 2023
DPIA on a page
Tim Clements
May 25, 2023
GDPR on a page
Tim Clements
May 24, 2023
Explaining Data Controller/Data Processor obligations
Tim Clements
May 23, 2023
5 years on - are these perspectives still relevant?
Tim Clements
May 22, 2023
GDPR 5 years old - is it really?
Tim Clements
May 11, 2023
The US privacy landscape: complex and in a state of flux
Tim Clements
May 9, 2023
Employee engagement
Tim Clements
May 4, 2023
Unsure of which IAPP course fits your needs?
Tim Clements
May 2, 2023
Managing risk
Tim Clements
April 27, 2023
Interactions and inter-dependencies with others
Tim Clements
April 13, 2023
Copy/paste consultancies
Tim Clements
April 6, 2023
Controller/Processor life-cycle
Tim Clements
March 30, 2023
Responding to an audit
Tim Clements
March 26, 2023
Being prepared for a data protection audit
Tim Clements
March 23, 2023
Data protection templates
Tim Clements
March 11, 2023
Data protection program control
Tim Clements
March 6, 2023
Reporting data protection status
Tim Clements
March 2, 2023
The lone data protection army
Tim Clements