The 5 Critical Challenges Affecting Data Protection Officers

Unlike other departmental roles, a DPO does not fit neatly within an organisation’s structure, often further complicating an already challenging role.

We have worked within the cyber security industry for 18 years and have seen how data protection has developed, witnessing how these problems have affected the DPOs we work with. Working with our partner Varonis, we have created a list of the top 5 challenges we see Data Protection Officers face in 2022.

1) The Siloed Approach to Departments

We use the term ‘cyber security void’ when referring to the siloed approach in organisations and data protection unfortunately falls within this void. Because of how organisations are structured, each department usually have their own responsibilities, expectations and goals. Crucial aspects that are lacking within this void are wasted investment opportunities, visibility and assurance in security protocols. Instead, complacency and risks are highly prevalent, leading to gaps and windows of opportunity for data breaches. To overcome the silo effect, a comprehensive level of communication between departments and an overall strategy, agreed by all, is needed.

2) A Broad Remit

Causing further issues with the siloed approach, a data protection officer’s role covers tasks affecting multiple departments. This can often lead to strained relationships with other leadership members as their policies and procedures may be insufficient causing further disruption to their role.

DPOs must deal with internal matters (e.g., awareness training) but also external factors like regulations compliancy and access requests. The role is often under resourced and most DPOs work without their own team. With limited resources, it is often hard for DPOs to know where to prioritise their time. The number one reported incident to the ICO is misdirected emails by employees. Some make the mistake of believing that external factors should be the number one priority. As this statistic suggests, this is not always the case and depends on the organisation.

3) Lack of Visibility and Accountability

The DPOs we work with talked about how they used to struggle with the limited tools available to them. Without the right tools, it is hard to enforce new policies and have full visibility over your organisation’s data. This affected the level of control they had in their role. One element that is important for DPOs to remember is that IT managers do not always know where all data is stored. They know exactly where data should be, but gaps can be found in technology and procedures. Without overall visibility, it is hard to detect and to resolve these issues.