In this article we want to spotlight a data protection officer based on 10 questions he was asked by DPI. Alain Hainaut, Independent DPO – IT and GDPR Consultant, former student and current “Stay Tuner” at DPI, is happy to answer them.
- How did you come to the role of DPO?
I come from the world of IT, both in terms of my studies and my professional career. After finishing my employee career as CIO and member of the Executive Committee, I wanted to try my luck at consulting. It was 2017-2018 and we were talking a lot about the GDPR at that time…
I thought that a DPO training could be wisely combined with my IT knowledge and my experience at the executive level in order to offer broader advice.
- Which missions of the DPO role do you prefer?
To be honest, I really don’t like the “bureaucratic” side of the GDPR.
What I really like, on the other hand, is to look for solutions allowing the “Business” teams to achieve their objectives, while respecting the laws relating to the protection of personal data.
This task can even lead to improving or optimizing the operation of the company or service concerned. As DPO, I sometimes do Data & Process Optimization 😊
I also like the training aspect of the mission. I like in particular the challenge of interesting an audience a priori not attracted by the subject, even reluctant to the GDPR.
- What event in the privacy landscape has most affected/touched you so far?
There are several, but I would mention these two:
- In terms of the event, the hacking of hospitals which I find particularly revolting and shocking. We can of course consider that this is the case with all hacks, but I find that these have far greater consequences than a ransom or data theft. This can lead to mortal fatalities! Normally, even in times of war, the medical teams and the wounded are spared…
- In terms of the future, what worries me are these increasingly ubiquitous and sometimes well-hidden data collections. I am thinking in particular of the extraction of data without our knowledge through “smart devices”, but also simply of the exponential growth in the number of surveillance cameras.
I think this represents a great risk for our individual freedoms, but also for our democracies.
- How would you describe the role of the DPO within your company?
I would say that I am the reference in terms of GDPR and more generally for everything related to personal data. I have a role sometimes of advisor, and sometimes of safeguard. But certainly not that of decision-maker!
- In your opinion, what is the biggest challenge for a DPO?
The first challenge that comes to mind is to be seen as a solution partner rather than an umpteenth internal controller.
But I see others, linked to the regulation itself, such as transatlantic data transfers in the era of globalization, still very recent case law, etc.
- In your opinion, which technological development has the most impact on data protection (positive/negative)?
What I would call the “democratization” of information technology, that is to say the fact that ordinary people personally have increasingly powerful computer tools, tools that they take with them or even use at their place of work. And when I talk about tools, that includes hardware, but also software, apps, social networks, websites, etc.
As with any major evolution, it involves positives and negatives, opportunities and risks… It depends on the people and how they use it. In this regard, I think not enough is being done in terms of education and inclusion.
- As DPO, what relationship do you have with the data subjects?
The few cases of requests for information or the exercise of rights that I had to deal with were done in a very good atmosphere. I think that the fact that I listened to the real needs of the person concerned greatly contributed to this.
- What is your best advice for putting data protection and information security higher on the management agenda?
Honestly, my perception is that this subject is not so badly placed on the management agenda.
On the other hand, it seems to me that the difficulty lies more in understanding the issues, the risks, and the many other elements to take into consideration. This of course complicates decision-making, whether in terms of resource allocation or risk management.
My advice would then be summed up by KISS (Keep It Simple and Stupid) 😊
- As DPO, what is your Swiss army knife allowing you to overcome all your challenges?
If anyone has one, let me know 😊
In fact, I think that, as often, the real Swiss army knife is our “soft skills”. In particular, knowing how to listen, understanding the challenges of the other, communicating in an appropriate way, knowing how to be convincing but always benevolent, etc.
- How do you keep up to date with new trends in technology and GDPR legislation?
Reading newsletters and participating in events seem essential to me. And without being limited exclusively to the GDPR! You have to keep an open mind. In the end, the GDPR is a matter of society!
But of course, we, as DPOs, must ensure that we keep our knowledge of the regulation and its application up to date. For this, continuous training seems essential to me, especially for me, not being a lawyer. And there is nothing like the “Stay Tuned” sessions from DPI, which are for me the best way to have a summary of the important decisions taken during the past quarter and to have exchanges with experienced lawyers.