In this article we want to spotlight a data protection officer based on 10 questions they were asked by DPI. Ellen Demey, Corporate Data Protection Manager at Umicore, is happy to answer them.
How did you end up in the role of DPO?
I worked as a lawyer at the Flemish Government in the run-up to the entry into force of the GDPR and was then involved in youth care and youth delinquency law. A project was then started within Flanders to bring Flemish regulations into line with the GDPR and I was allowed to take on this project, together with a colleague from the Department of Welfare, Public Health and Family. One thing led to another and before I knew it, I was able to make the switch from the Flemish Government to WhiteWire where I learned a lot from Bart and Peter and was able to gain great experiences within the healthcare sector.
Which part of the tasks of a DPO do you prefer?
Talking to people. Explain to them what the GDPR stands for and come up with a pragmatic solution together, if possible. And notice that afterwards they realize that the GDPR is not those annoying regulations that mean nothing is allowed anymore 😊
Which event in the privacy landscape has affected you the most to date?
I find the enormous development of regulations worldwide very interesting. How do you ensure that the application of all these regulations remains workable within the context of a multinational? But also how the cultural differences always surface again within the regulations themselves and then in their practical application.
How would you describe the role of DPO in your company?
Very challenging indeed. I am working on both GDPR within Belgium and the various applicable regulations within the Umicore world. I am always looking for how we can learn from each other and where we can strengthen each other, so that we (the various regions and countries) do not remain on our own little islands.
What do you think is the biggest challenge for a DPO?
Breaking the idea that the GDPR is something bad, which is still alive with some even after 5 years, and making sure you become a reliable partner, where people like to come knocking on your door to discuss their idea/project/process.
Which technological evolution do you think has the most impact on data protection (positive/negative)?
Privacy management tools are definitely number 1 here. The choice for the “wrong” tool ensures that you lose people where the choice for a tool that does suit your organization provides an efficiency gain.
What are your experiences in the contact between the DPO and the data subject/supervisor?
Very minimal. This contact has never gone further than asking for advice/info.
What is your golden tip for getting data protection and information security higher on management’s agenda?
Keep talking and try to create awareness, also at higher management level. And if that doesn’t work, keep working bottom up.
What is your Swiss army knife as a DPO?
Organize interactive training courses and keep explaining what the GDPR actually stands for.
How do you keep up with new trends in GDPR technology and legislation?
The education sessions at DPI of course 😉 In addition, I also follow a number of fixed values on Linkedin and I try to catch the necessary webinars to keep up to date with both theory (new regulations) and practice (how do I deal with an inspection, GDPR and HR, data transfers, …).