You’ve been given the responsibility to address data protection (and maybe access to information) in our organisation. You might have even been made the data protection officer (or information officer) for your organisation. You are excited and scared at the same time. You are interested in the topic and know that they are significant issues which are going to in many ways shape the future of organisations. You have some knowledge of the topic, but you have a lot to learn. It is a specialist topic that wasn’t covered at University. It is not the only thing you have to do, you’re also responsible for other things, like complying with various laws, concluding contracts and giving legal advice. You want to be successful in the role and make a success of it.
One challenge is that you have a limited budget. You have enough budget to outsource some of the tasks, but you need to do lots of it yourself.
One thing you do know is that if you get it wrong (and your organisation suffers significant reputational damage) you’re going to be in big trouble and career limiting.
You need to raise your level awareness of data protection – what are your options? Not your organisation’s option, your options. What is the best option for you personally to crack data protection?
Attend a data protection workshop – a good option
What about a data protection workshop? By a workshop, I mean an event at a fancy venue where there is one speaker (often a lawyer or subject matter expert) and between 10 and 30 delegates. The speaker is getting paid, so they prepare extensively for the workshop by looking at your specific organisation, thinking in advance what is relevant. The speaker tailors the content for you and answers your specific questions. The content is practical, insightful and helpful. You feel you’ve received value in the workshop itself, not a promise of value to come.
The workshop I’ve described is our one-day data protection workshop. And the description is based on the feedback we get from the thousands of delegates who have attended our workshops over the last five years. One day is enough. It’s cheaper than two days and can be covered in one day.
“Thank you very much for a truly phenomenal course yesterday. I cannot recall when I last walked out of any course with the knowledge that the content and take away far exceeded the cost of it. The entire presentation, content and dynamic of the interaction was truly sublime.” A recent delegate at one our workshops
What you don’t want from a workshop is a law lecture. An academic monologue of the topic starting at the beginning and going all the way through to the end. We’ve all sat through those workshops thinking:
- When do I get to ask a question?
- But this isn’t relevant to me?
- What does this mean for me practically?
- How do I apply this practically in my organisation?
- Surely it can be simpler than this?
We guarantee you; you won’t ask these questions at our workshop and if you do, we’ll give you a full refund. No questions asked.
Join a data protection programme – sounds good
By programme I mean an online resource where you can read practical useful information about different aspects of the topic, you can watch a recorded live webinar of a subject matter expert talking you through it. Access to tools, checklists and templates so that it’s quick and easy to get things done. You can click on the most useful resources on the Internet and use them. A forum to ask other members questions about the topic and find the practical answer from others doing the same thing as you. You can give as many people from your organisation as you want access. So, when someone from IT asks you a tricky question, you can add them to the programme and send them a link to the relevant module for them to watch and find the answer they want.
On a personal level, you’ll raise your awareness and knowledge, but you’ll also get experience in actually applying that knowledge to an organisation practically.
You can divide the modules up between different people in your organisation and make them responsible for going through them and implementing the actions set out in the module. In other words, you can empower others in your organisation to do the necessary. Others in your organisation can also raise their awareness to the extent that they want to by working through the modules that interest them.
You can find guidance on what actions to take first. Work through lists of quick wins.
It’s not cheap but when you consider that an unlimited number of people from your organisation can join, it is practical and will help you actually do what you have to do, it doesn’t sound that bad.
If you had to do it with a lawyer or consultant in person, it would cost you 10 times more. If you wanted a lawyer to do it for you, it would cost 100 times more and you wouldn’t be empowered to run with it after they have left. With the programme you can do 80% yourself and if need, you can get a lawyer or consultant to do the final 20% for you.
Attend a conference – maybe not
There are a significant number of conferences each year on data protection. By a conference I mean a one- or two-day event at a fancy venue where there are multiple speakers from different organisations (like lawyers, regulators, solution providers) and between 50 and 200 delegates attending.
The cost of booking your seat at these conferences isn’t cheap and many of them are in other countries to the one you’re in. If you have to add travel and accommodation to the cost, it adds up. They’re also often at a time that is not convenient – like 6 months away. You need awareness now!
Sometimes they feel like you’re watching a comedy show that isn’t very funny. The speakers never really get to the point and keep almost sharing the golden nuggets of their experience but not quite. They’re usually selling something – either a solution or consulting services. You can’t really blame them because they often aren’t paid to speak, or they have paid for the privilege to speak to you.
They often repeat things that others have said, warming you up but never really sharing the practical useful independent insights you need. The presentations aren’t really relevant to you (or your organisation) because the speakers don’t know who the delegates are. There are in any case too many delegates for the speakers to customise the content for each one.
Join the IAPP and get certified – too expensive and impractical
What about joining the International Association of Privacy Professionals (IAPP), writing their exam and becoming a certified what what. Or obtaining a BCS GDPR and Data Protection certification. Oooh, that looks interesting. You’ll get an International qualification and you will be able to prove to everyone that you know everything about data protection. People will listen to you damn it! It will look very good on your CV and if you crash and burn at your current organisation, at least you’ll probably get a job somewhere else.
It does sound like a good option, but you have some concerns.
- It is expensive like about USD1,000 to get one certification because you have to join the IAPP, buy the study material and pay for sitting the exam. Will my organisation pay for it or will I have to pay for it myself?
- It is going to take you about 10 days of time to prepare for the exam. You could use your leave but you have other plans – like having some fun.
- What if you fail? Yes, you can write again but there’s another fee for that.
- You have to keep your certification valid by attending classes each year and paying for them.
- It’s not very practical. You’ve looked at the content that will be covered and it includes things like the history of data protection. Is that really going to help you deal with the issue practically in your organisation?
- Remember: It is a certification for an individual, not an organisation.
Could be a good option if you plan to make a career of it and only focus on data protection. But you’re not sure you’re ready for that.