DPO in the spotlight: Cathy Habils

In this column, we like to take a moment to highlight a Data Protection Officer based on some 10 questions DPI asks them. Cathy Habils, alumnus and current Stay Tuner at DPI, is happy to answer them.

1. How did you end up in the role of DPO?

After we sold our company Sun Telecom, I was looking for a new challenge. After following the initial Data Protection Officer training at DPI, it quickly became clear that being a DPO is in my DNA.

2. Which part of the tasks of a DPO do you prefer?

Looking for solutions together to protect the customer’s personal data and to facilitate the needs and wishes of the organization.

3. Which event in the privacy landscape has affected you the most to date?

The nonchalance with which the government treats the data of us as citizens: fingerprints on the identity card, engraving national register numbers on bicycles as protection against theft, ANPR cameras everywhere and their extensive use,…

4. How would you describe the role of DPO in your company?

An indispensable link in the whole. As a DPO, I am increasingly involved in projects more and more quickly. I strive to be very accessible, my proverbial door is always open: for advice, to think along, to look for alternatives,….

5. What do you think is the biggest challenge for a DPO?

Keeping GDPR in the spotlight at all levels. From management to reception staff. Everyone has to deal with personal data and has to do all sorts of things with it. And that “doing” must be safe and correct and that is not always easy to achieve.

6. Which technological evolution do you think has the most impact on data protection (positive/negative)?

Social media. It goes fast and hard and it starts very young (Tiktok and stuff…). Social media can be very nice, but there are a lot of dangers lurking around the corner. Dealing with those dangers is very difficult. Here I still see a lot of room to inform the general public better and more thoroughly.

7. What are your experiences in the contact between DPO and data subject/supervisor?

I have not yet had direct contact with the regulator. Contacts with those involved are also infrequent. The few times I had contact with a person involved, this went very smoothly.

8. What is your golden tip for getting data protection and information security higher on management’s agenda?

Be visible in the organization. Underline the importance of GDPR as often as possible and put it in a positive light: dealing securely with your customers’ data is caring for those customers.

9. What is your Swiss army knife as a DPO?

I have a lot of business experience. I understand the challenges of different roles in an organization which is very useful when researching new tools or entering into new partnerships.

10. How do you keep abreast of new trends in GDPR technology and legislation?

I subscribe to a number of newsletters, I regularly attend seminars and conferences, I am a member of DPO-PRO, a loyal listener of the dasprive postcast and I have been following DPI’s Stay Tuned since the start, which is an absolutely indispensable tool for me to keep up to date with all the latest developments 4 times a year.