Data Protection Conversations: George Francu, DPO Romstal

by Delia Ene | Published in Resources


Discover exclusive, practical insights into privacy and GDPR in Sypher's Data Protection Conversations. We're kicking off the series with George Francu of Romstal Group. 

George has been the Data Protection Officer at Romstal Group for more than 3 years and has a background in legal studies as well as a strong knowledge of cyber security. Let’s dive in: 


What do you think is the biggest challenge for DPOs, regardless of industry? 

Stopping non-compliant processing within the organisation without blocking the organisation's activity. 


What is your professional advice on how to overcome this? 

On the one hand, management and those involved in the process need to understand that there are limitations to the processing of personal data and what those limitations are.  

On the other hand, the DPO needs to understand as best as possible what the motivation/need is for processing the data, so that they can identify and provide alternative options. 


Is there a challenge specific to your industry (please specify which industry)? 

I don't think it's specific to the B2C/retail industry, but I do think it's a challenge to ensure that staff who process customer data follow company policies and procedures to ensure compliant collection and secure storage of data. 


What's your professional advice on how to tackle this? 

As the Latin proverb goes, repetition is the mother of learning. The training process should be continuous, and the DPO should have as many formal and informal meetings with colleagues within the organisation as possible. 

What is the most time-consuming activity you carry out as a DPO? 

Informing and advising the controller or processor, including training their staff, on their data protection obligations. Among other things, I produce and send out a monthly newsletter within my organisation to raise awareness of privacy and cybersecurity risks. 


Which compliance management activity do you enjoy the most and why? 

Dealing with requests from data subjects regarding the processing of their personal data and the exercise of their rights.  

Why? Because it allows me to find out how well the policies and procedures are known within the organisation, and what vulnerabilities are not covered. And because it's easy to do this with the help of Sypher, which has a Data Subject Request Manager module 😊. 


What is your least favourite compliance management activity and why? 

Having to revisit topics or issues that were thought to be resolved, but it turns out there is a bottleneck somewhere and the process needs to be reviewed. It's a bit demotivating. 


What is your source of information? 

I follow the notices published by the authority on dataprotection.ro, the European Data Protection Board on https://edpb.europa.eu, and information on sanctions applied on https://www.enforcementtracker.com/.


What does success mean to you? 

Contributing to positive change within the organisation and sharing my knowledge with others. 


Anything else you would like to add? 

The role of DPO has helped my personal development, including giving me a much more complete picture of how my organisation works and a better understanding of certain mechanisms.
