In the last episode of the GoodTech vidcast, we celebrated the one-year anniversary of the GDPR. We discussed its purpose and how it’s impacting business worldwide. This time, we continue where we left off with another engrossing conversation about the role of the people whose job it is to make sure that companies comply with the GDPR: Data Protection Officers.
This episode’s guest is Marc Vrijhof, Founder and Chairman of the European Association of Data Protection Professionals (EADPP). We dive deep into how the EADPP is providing a platform for DPOs to define their position and ensure better GDPR compliance Europe-wide. Read our recap or watch the recording on Youtube!
Why there’s a need for regulation
Marc, who has a background in law, first became interested in data privacy when he noticed that technology was creeping into our everyday lives and that, if left unchecked, companies could abuse their power and “create a 1984 kind of environment.”
Marc sees the GDPR is a fundamental step to avoiding that grim future.
“The GDPR gives us a platform where we can find a balance between economic growth and making sure that people don’t feel that their data is being misused and that they’re being reduced to faceless consumers,” he says.
He believes that it is in the interest of companies to comply with the GDPR as in the future, this will be the only way to remain competitive in a market where the value of privacy is constantly increasing – which brings us to the role of DPOs.
What’s a DPO and what do they do?
DPOs or Data Protection Officers control the implementation of the GDPR within organizations. They supervise the organizations they work for and make sure that they abide by the laws of the GDPR. They advise companies on how to manage their data processing in order to be GDPR compliant and reach a status of accountability.
Not all organizations are obliged to have DPOs, but the importance of their work is increasingly recognized.
“Within the GDPR, DPOs are given a position of strength,” says Marc.
However, since it’s such a new position, the circle of influence and responsibilities of DPOs are not crystal clear.
In order to define how they want to be seen and have an impact on how certain parts of the GDPR are going to be implemented, DPOs have to be organized.
The birth of the EADPP
Marc started the EADPP because he realized that it was fundamentally important to gather the DPOs of Europe and give them a platform where they can discuss their responsibilities, define the position that they want to fulfil as DPOs and clarify questions that cannot be addressed on an individual level.
“DPOs have to position themselves in a force field that is full of conflicting interests, including those of the European Data Protection Board, national authorities and organizations that process data,” Marc explains. “They are referees in a delicate situation.”
The EADPP is an organization that is for and by privacy professionals that are active within the European economic area. It’s like a DPO’s union, present in 32 countries with 600 members.
“My hopes are that by the end of the year, we will reach 3,000 members. However, there is a potential for 15,000 professionals to become members of the EADPP,” Marc says.
Not all EADPP members are based in Europe: some work with companies on other continents that address the European market and are thus actively involved in the GDPR.
A private platform for DPOs
As official advocates of data privacy, DPOs must walk the walk and demonstrate that there are ways of communicating online and sharing data that “are based on mutual respect.”
The EADPP has chosen Idka as its partner so that their members can use a private tool to discuss sensitive issues. They are in the process of introducing Idka to their members and inviting them to join the platform and start the conversation.
“Privacy is a fundamental right – there’s no question to it. However, it has to be balanced against another fundamental right, which is freedom of speech. There has been a development in how we envision the coexistence of these two fundamental rights. We have to make sure that both of them live and prosper,” Marc concludes.