Date
14.06.2023
In this article we want to spotlight a data protection officer based on 10 questions they were asked by DPI. Christa Verstraeten, company lawyer and DPO at P&V Verzekeringen, former student and current “Stay Tuner” at DPI, is happy to answer them.
How did you end up in the role of DPO?
In 1992, I already worked as a company lawyer for P&V Verzekeringen. The Belgian Privacy Act of 8 December 1992 then ended up on my desk, partly due to a lack of interest from the other colleagues. As a result, I accidentally became the privacy lawyer within the P&V Group. My designation as DPO was therefore the logical consequence.
Which part of the tasks of a DPO do you prefer?
My preference is to raise awareness. It is time-consuming to prepare, but it is a challenge to explain the GDPR in ‘normal human language’ so that it is perceived less as a burden by the business.
Which event in the privacy landscape has affected you the most to date?
It is not really an event but rather the rapid evolution that strikes me, especially the fact that in a relatively short period of time the large companies are also increasingly forced to comply. In 1992, the Privacy Act was seen as superfluous, and it was hardly considered, or not at all, in the daily life of a company. Today, the situation is very different.
How would you describe the role of DPO in your company?
It is a second-line function that is indeed considered. I am being consulted for many projects and privacy-related questions and I have the impression that my advice as a DPO does count for something within the company.
As far as the ‘visibility’ of the function is concerned, there has also been some, albeit very gradual, evolution. But because I have been working within the P&V Group for more than 30 years, most people know me, and I am easily accessible. But the function will and should evolve in the future. That also applies to the person who fills the position. My successor will undoubtedly need to have not only legal but also much more technological knowledge.
What do you think is the biggest challenge for a DPO?
The biggest challenge is preventing downtime. You need to step out of your comfort zone, ask critical questions and bring risks to the attention of top management.
Which technological evolution do you think has the biggest impact on data protection (positive/negative)?
I suspect artificial intelligence. Today, the impact may be rather negative as technology moves faster than regulation. It is not always easy for lawyers to work in this context. The upside is that the regulator will have to stay wide awake to keep up with the technology.
What are your experiences in the contact between the DPO and the data subject/supervisor?
Contacts with those involved are not that frequent. When a data subject approaches me as a DPO, there is often an ‘underlying’ reason/complaint. People are only marginally interested in what happens to their data.
Over the past few years, I have had very little or no contact with the regulator.
What is your golden tip for getting data protection and information security higher on management’s agenda?
I think it is important as a DPO to be and remain visible in the company in a positive way. A second-line function with a proactive attitude, who doesn’t slam on the brakes on every occasion, is considered a plus by management. Do not use risks and sanctions as a deterrent but rather take a constructive approach.
What is your Swiss army knife as a DPO?
The employees know that, in the first place, I support the business with a proactive approach and look for solutions that consider the risks. I also know the organization well, and therefore not only the strengths but also the weaknesses. Due to my many years of experience in the company, I have the great advantage of being able to rely on colleagues that I have known for all these years and with whom I can have honest and transparent conversations.
How do you keep up with new trends in GDPR technology and legislation?
That is a real challenge for a DPO. Often there is not enough time. But it is essential to keep a finger on the pulse. I read as much as I can, talk to DPOs from other companies and regularly attend seminars to update my knowledge.
Date
14.06.2023
