Identifying the Right Data Protection External Support
So you’ve decided to outsource some or all of your data protection functions; how do you know your trusted service provider is offering the right fit for your organisation? This article gives some guidance on selecting the right data protection external support.
How to get the right person
This is an age old problem, and even more critical in the context of the management of personal data. There are four key aspects that we would recommend an organisation consider when considering external support for data protection;
Business experience/maturity – This is not simply about knowledge of data protection regulation, it is about a balance of business, IT and legal skills. The ability to understand business processes, the imperatives of a business, and to balance business obligations in the context of the individual business is essential.
Qualification – There are many qualifications out there. More focus should be given to the quality of experience, the capacity to deliver and the chemistry with the individual when selecting the right person for a role. However, the following grid of qualifications may help to provide some context;
The choice is ultimately yours, and hopefully this piece will help you to select a person who can deliver for your organisation.
CIPP is the easiest to obtain, around €1,500 for an online course and certification. No prior qualification or experience is mandated. There are many quality individuals that have selected this qualification and it is a favourite with the recruitment companies.
The CSI qualification has pre-registration competency requirements is well established and typically attracts individuals with an IT approach to data protection.
IoB qualification this course has pre-registration competency requirements and appears to deliver a cohort that has a more broadly based, with a minimal bias to financial services. Probably a good basis on which to de-risk a business in general.
Capacity – We are in a world where good skill sets are limited – be aware of who exactly is providing the service to you. It is preferable to have the experienced person managing your affairs and in many occasions responsibilities are passed on to a junior.
Chemistry – One of the most important yet often underrated elements. Do you get on with the person? This role is going to result in you having to take a view on various items, and to agree the appropriateness of actions. A capacity to talk freely and to make decisions without egos getting in the way is essential. Getting this part right will save a significant amount of effort and cost to the business, and ultimately protect it from harm.
Outsourcing a Data Protection Officer DPO or Services
The when, what and how to outsource for data protection. Full article here
EU Representation (for non EU companies)
We have analysed the considerations for the appointment of an EU Representative here
Getting professional support
If you need data protection support for your business, or simply need to define the role that will best serve your needs, please feel free to contact us for a confidential initial conversation.