Some data protection officers go through the motions of doing data protection impact assessments. They ensure the policies exist and that the organisation is legally compliant.
And some data protection officers are champions of the people. They understand the law is a minimum requirement and it is easy to ‘hurt’ people and not break the law. They understand data protection impact assessments are about conversations and far more than ‘is the system secure’. Data is about and is people. Not just bytes and bites, but people, flesh and blood. Therefore, data protection is much more than the system we use and security, but why are we collecting data in the first place? And even how are we collecting the data?
If you are that kind of data protection officer, you realise your job is about change, about helping others see new perspectives, and quality control. And yes, it is likely inconvient, but most work worth doing is.
If you don’t champion people who will?
This post is riff off a recent Seth Godin post.