Virtual Data Protection Officer: an alternative?

Recently, E-Crime Expert posted a blog on “What a Data Protection Officer means for an organization”. Further, another blog post presented “How to process personal data in an Organization”.

Employing a data protection professional in an organization could bring significant benefits, such as:

• Help protect your: business, clients, private information and intellectual property;
• Maintain clean, correct, up-to-date data;
• Maintain confidence and trust among employees;
• Reduces “organization incidents”;
• Customer confidence;
• Protects the reputation;
• Improves privacy protection;
• Increases privacy-awareness within the organization.

Unfortunately a DPO’s services may not be affordable and accessible to all businesses and organizations.

For example, there could be many businesses that are large enough to require a data protection officer but too small to afford paying for a full-time employee to undertake this role. Another issue could be that there are no trained (certified) DPO’s in your local area.

Therefore, an alternative exists for this common situation: the Virtual Data Protection Officer (VDPO).

A VDPO can be an independent contractor rather than employee.

In this case, the clients do not have to pay employee-related taxes, insurance or benefits. Clients also avoid the logistical problem of providing extra office space, equipment or supplies. The VDPO’s discreet presence could make the employees and customer feel comfortable. Common modes of communication and service delivery include the Internet, video, e-mail and phone call conferences, online work spaces, VOIP and fax machine.

How it could work:

Phase One (setting up the collaboration):

The VDPO allocates a first phase (in-person would be preferred) collaboration/service period working with the business to:

• Asses the particular needs of a particular organization;
• Establish necessary policies and procedures;
• Carries out staff training.

In this first phase the VDPO will provide policies established and tailored based on the business’s particularities (i.e. virtual store, offline store, law firm, etc).

• Data Protection Policy and good practices;
• Data Security Policy and good practices;
• Document security Policy and good practices;
• ID policies;
• Video surveillance policy (if required);
• Computer/Internet Use Policy and good practices;
• Social Media Policy and good practices;
• Website Privacy Policy and good practices.

In the second phase of appointment/collaboration, the VDPO will provide (from a remote location) the following services:

• Periodical updates regarding the legislative changes and the effective implementation measures if required;
• Periodical staff training and also new staff training, delivered over tele-conference, VOIP, website, tutorials, videos and any relevant materials;
• Using the same tools as mentioned above, conducts regular campaigns to improve internal privacy awareness;
• Pertinent and effective opinions regarding data subject requests;
• Provides Privacy Impact Assessments and solutions for new business procedures, services or products involving data protection;
• Handles any problems or queries related to Data Protection that arise;
• Provides Data Protection audits;
• Conducts systematic research in the field of data protection and determines how it directly applies to a particular business;
• Is the liaison between the National Data Protection Authority and the business/organization;
• Supervise the transfer of data to “third countries” in case the Organization has a subsidiary/branch overseas (i.e. from EU to US).

The services of a VDPO depend on the size and nature of the business, and the contracts are negotiable also based on size and nature of the business.

A VDPO could be more affordable than a in-house DPO or a part-time on-site DPO collaborator/consultant, for an organization, which is growing and developing being on a stricter budget, but aims to offer an adequate protection of personal data and privacy  for its customers and employees.

So many organizations/business (if not all) have an IT professional/consultant for their IT system, computers, cloud computing, outsourcing, etc., I am assuming that a VDPO professional for protecting the (personal) data, sensitive information, private information, intellectual property, business secrets, would be as necessary as the IT professional.

If you would like to hire a Virtual Data Protection Officer (VDPO) for your business or organization contact: dan@e-crimeexpert.com

If you would like to learn more about Virtual Data Protection Officer, questions can also be submitted to: dan@e-crimeexpert.com

More information can be found at: www.e-crimeexpert.com

Have you heard of a Virtual Data Protection Officer? Would you consider hiring one for your business or organization? What other contribution(s) could a VDPO bring to an organization? How would you feel or your staff feel about having direct online contact with the VDPO?

To keep up with the latest information about Privacy and Data protection, hit the “subscribe” button to receive an email when new videos and articles are posted on this blog.