Date
11.03.2024
In this article we want to spotlight a data protection officer based on 10 questions they were asked by DPI.
Barbara Schoonjans , Data Protection Officer at Baloise , is this months DPO.
How did you end up in the role of DPO?
Barbara: This happened gradually. Before I became DPO at Baloise, I worked at legal insurance company Euromex, subsidiary of Baloise. I was a legal specialist there and when the compliance function was launched in 2005, I took charge of the privacy domain. In 2012 I became a full-time compliance officer before moving over to Baloise to become a full-time DPO in 2018 when the GDPR came into force. So have almost 20 years of active privacy regulatory experience.
Which part of the tasks of a DPO do you prefer?
Barbara: I like the variety between providing advice in long-term projects but also do like responding quickly to incidents. I also like to provide education and training, knowledge transfer and awareness of the matter. GDPR may seem boring to some but I try to convey it in a practical way.
Which event in the privacy landscape has affected you the most to date?
Barbara: Now anyway the rapid evolution of technology like artificial intelligence and tools like chatgpt where a lot is possible for improving and speeding up processes. But it also brings many dangers and privacy risks such as “deepfakes” where fake profiles try to steal data.
How would you describe the role of DPO in your company?
Barbara: Permanently advising and also thinking along to arrive at solutions that are GDPR compliant. Being proactive and not merely a check the box in a governance process.
What do you think is the biggest challenge for a DPO?
Barbara: DPO is a position where you will be involved in many processes, company-wide and across departments. You have to advise, perform assessments, handle complaints, report, … it is therefore important to know the company in which you work well and permanently maintain your network within the company.
Which technological evolution do you think has the most impact on data protection (positive/negative)?
Barbara: Artificial intelligence for the sake of speed and impact.
What are your experiences in the contact between the DPO and the data subject/supervisor?
Barbara: Contacts with the data subject are unfortunately usually the result of a non-GDPR conflict especially complaints in an underlying file.
What is your golden tip for getting data protection and information security higher on management’s agenda?
Barbara: Ensuring that you are well known to management and proactively thinking about solutions.
What is your Swiss army knife as a DPO?
Barbara: Being reachable, giving understandable advice, not delaying, making sure you are also an added value. But also being very clear when certain things are not possible.
And more than 30 years of experience in the industry, so you know well how an insurer works, helps.
How do you keep up with new trends in GDPR technology and legislation?
Barbara: Internally through monthly meetings with my fellow DPOs within the group Baloise .
And externally through Stay Tuned but I also follow many professionals on Linkedin, newsletters, participate in networking events and speak with fellow DPOs, specialized lawyers,….
Date
11.03.2024
