DPOs are set up to fail from day one (and no GDPR pro is safe)
This is a companion article to an edition of my free newsletter, subscribe for more: The Rieview. Curious about the 'DPO - role conflict' Topic page? Read more here.
Here's my comparison - see below for the English summary:
Summary
- 🔴 You went from reporting directly to Folketingets Director, to the Deputy Director
- 🔴 You went from a likely simple typo ("sikre") to full-on GDPR violations
- 🟠 You went from being in a team of 20 engaged colleagues, to 14
- 🟢 You went from a 50% part-time role to a full-time DPO
Your primary work tasks in 2025
- 🔴 Advisory: Ensure that all processing activities comply with applicable regulations and advise management and administrative units on data protection.
- 🔴 Risk management: Prepare and update risk assessments and DPIAs, as well as identify and mitigate risks in the processing.
- 🔴 Handle data breaches: Assess and manage security incidents, register and report them to Datatilsynet, and ensure the proper notification of affected parties.
- 🟢 Supervision and control: Conduct regular audits and inspections to monitor and document the administration’s compliance with GDPR.
- 🔴 Develop policies and procedures: Maintain and implement data protection guidelines that ensure a high standard across the administration.
- Personal data processing: 🟠 Maintain and update the Folketing Administration’s ROPA and 🔴 establish and update data processing agreements with parliamentary groups.
- 🔴 Training and awareness: Inform and educate management and employees on data protection, ensuring continuous awareness through presentations and materials.
- 🟢 Management reporting: Prepare ongoing reports and an annual status report for the Folketing’s executive management.
And here's the slide: