Discover exclusive, practical insights into privacy and GDPR in Sypher's Data Protection Conversations.  

Today we are talking to Cristian Coman, DPO at Flanco, a major online and brick-and-mortar retailer of electronics and home appliances in Romania. With a strong background in law and privacy, Cristian brings a wealth of experience in the retail industry. 

What do you think is the biggest challenge for DPOs, regardless of industry?  

The biggest challenge for a DPO is to stay on top of and update all the flows that contain personal data and consequently need to be covered by data protection. There are situations where new flows appear that the DPO only learns about after implementation. 

What is your professional advice on how to overcome this?  

Establish a strict procedure that requires any data flow (whether or not it involves the processing of personal data) to be implemented only after approval from the DPO. In this way, you can ensure that no personal data is processed without the organisation meeting GDPR compliance. 

Is there a challenge specific to your industry (please specify which industry)?  

In our industry (online and offline retailing of electronic and domestic appliances), I see a particular challenge in the processing of personal data on the basis of consent. There is a tendency for marketing departments in a retail company to try to develop as many campaigns as possible on the basis of the data subject's consent.  

Unfortunately, this is a trap, because this is the most volatile ground, since withdrawal of consent leads to the termination of processing from the moment of withdrawal, which makes it impossible to run the campaigns in the long term. 

What's your professional advice on how to tackle this?  

There is no effective solution that removes processing based on the consent of the data subject, which is in fact not desirable either.  

The solution would be regular training of staff in the marketing department on data processing based on legitimate interest, which ensures increased stability for promotional campaigns. 

There are several alternative methods of promotion that can be spread over medium or long periods of time. They keep the customer's consent up to date and at the same time help build a trusting and solid relationship between customers and the company: 

1. Loyalty programmes whereby customers can accumulate points or rewards for each purchase. This type of programme can be used to communicate with customers on an ongoing basis about points earned, rewards available and special offers for programme members. 
2. Ongoing online sweepstakes designed to keep registered participants engaged by periodically drawing desirable prizes. 
3. Promotion of events (e.g. new product launches) where customers can register to participate and receive benefits (discounts, gifts) on the spot.
4. Organising free online webinars (with a required registration) on topics of interest to customers, such as product maintenance information, the benefits of certain services (product insurance, extended warranty, eco-friendly products, etc.), or other cross-selling campaigns where webinar participants can benefit from vouchers from company partners (gyms, health food stores, etc.). 

“In addition to constant and permanent challenges, the role of DPO offers many benefits: […] enhancing and developing personal skills to deal with complex situations.” 

What is the most time-consuming activity you carry out as a DPO?  

Review of contractual provisions concerning data protection. There is no collaboration or partnership contract without a chapter (more or less extended) that regulates issues related to the protection of personal data. 
 

Which compliance management activity do you enjoy the most and why?  

Reviewing and updating internal policies and procedures concerning the processing of personal data, as this is a recurring activity that contributes to the continuous improvement of flows and operations. 

What is your least favourite compliance management activity and why?  

Managing the situation created by a security breach, as it involves intense activity and rapid reaction with a high level of stress. 

What is your go-to source of information?  

The ANSPDCP website, DPO professional groups, articles and newsletters from European policymakers, domestic and international articles. 

What does success mean to you?  

In the context of personal data protection, success means ensuring responsible and efficient management that both protects the personal data of data subjects and minimises the risks to the company. 

Anything else you would like to add?  

In addition to constant and permanent challenges, the role of DPO offers many benefits: 

1. Professional development and stability in a position on which the economic health of a company depends to a large extent. 
2. Broadening of knowledge through the interdisciplinary nature of the DPO function 
3. Enhance and develop personal skills to deal with complex situations 

___
#SypherPrivacyTalks. Stay tuned for more by 📌 connecting with us on LinkedIn or, better yet, by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.