GDPR has been a thing for a while now, and Entercard hired our Data protection officer (DPO), Henok Tesfazghi, back in 2018. Data privacy and information security has become a part of our daily work, and Henok is the one making sure we are up for the task.
We took a chat with him to understand a bit more of a DPO’s role and responsibilities.
– My overall task is to oversee Entercard’s data protection practices. I advise the business on how to be compliant with GDPR and related laws and legislations, and try to make sure that we are ahead of the game.
What does this mean on an ordinary day at the office?
– It is hard to define a normal day, but a DPO needs to be involved in, and understand a variety of Entercard’s processes. I guess it is well known that one of my responsibilities is to serve as the point of contact for customers on privacy matters, but it is just a small part of my duties.
– I sign off on data protections agreements (DPAs) and Data protection Impact Assessments (DPIA). I am responsible for the creation of privacy related processes, frameworks, standards and guidelines, raise privacy awareness (e.g. through training programs) and advice colleagues on all privacy related activities. In case of personal data breaches, I am the point of contact between Entercard and the supervisory authority. I could go on for a while, but I think you get the picture.
What does the future look like for data protection and privacy?
– “The most valuable commodity I know of is information” is a quote from the fictional character Gordon Gekko (Wall Street) and in my view the appreciation for information in general and personal information in particular has not diminished since the 80s. By in large we live in a data driven society and work in a data intensive industry, and our ability to make smart decisions are dependent on technological innovations and the amount of (personal) data we are allowed to process.
In my estimation, privacy and data protection will always be important components in our drive to deliver outstanding products and services to our customers.
– How relevant data privacy will remain I think depends on how it affects people’s daily life. If the only thing people encounter are constant cry for consent on every web site they visit, we might experience some privacy fatigue. On the other hand, if privacy violations are recurring (e.g. Cambridge Analytica), then people may understand the need and importance of data protection regulation.