In this column, we like to take a moment to highlight a Data Protection Officer based on some 10 questions DPI asks them. Anja De Greve, Data Protection Officer at Vlaamse Milieumaatschappij, alumnus and current Stay Tuner at DPI, is happy to answer them.
1. How did you end up in the role of DPO?
I applied for this position at the Flanders Environment Agency in 2018. During the job interview, I was asked whether I was prepared to take a DPO course. I was happy to do that because I thought it was a fascinating field of work – and I still do. So in my second working week I took the five-day course at DPI and obtained the Data Protection Officer Certificate.
2. Which of the tasks of a DPO do you like best?
The informal advice that I give my colleagues about dealing with personal data.
3. Which occurrence in the privacy landscape has hit/affected you most so far?
The fact that during the past dry summers, some communes monitored spraying bans with drones and the Data Protection Authority’s objections to this.
4. How would you describe the role of DPO in your company?
At first, my colleagues saw me mainly as someone who came and told them everything that couldn’t be done because of privacy. Now they know that far more can be done, but with the necessary security measures, legal regulations, consent and by providing information.
5. What do you think is the biggest challenge for a DPO?
Drawing up an accessible, understandable yet complete privacy statement and drawing attention to it. Privacy statements and the relevant links are often hidden away in small letters at the bottom of the website.
6. Which technological development do you think has the most impact on data protection (positive/negative)?
The power of identifying data patterns on the basis of algorithms, but also the dangers involved. These patterns can reinforce existing preconceptions and lead to premature conclusions.
7. What are your experiences as regards the contact between DPO and data subject/supervisory authority?
Clear and open communication is very important for the data subject and the supervisory authority. Infringements sometimes occur but that meets with understanding. But you do have to explain clearly what the measures are in order to avoid recurrences.
8. What is your golden tip to move data protection and information security higher up the management’s agenda?
Get a letter from the data protection authority with recommendations to prevent a reported data leak in the future.
9. What are your essentials as DPO?
Information, communication and visibility. The fact that I am a wheelchair user is often handy here. Everyone knows me, both my colleagues at the Flemish Government and fellow DPOs.
10. How do you stay up to date on new trends in GDPR technology and legislation?
By networking, self-study, going through general and specialised information sources and regular further training.