- Australia’s Privacy Act is under review, possibly modelled off the EU’s General Data Protection Regulation (GDPR)
- Updates to the Act may require Australian businesses to have Data Protection Officers (DPO)
- Businesses may need to upskill internally or look externally for the right skillset
As companies face increasing scrutiny on privacy, the emerging role of a Data Protection Officer(DPO) is gaining prominence. Australia’s privacy laws are under review, and these positions may soon be a staple in Australian workplaces if the updated laws are modelled off the EU’s General Data Protection Regulation (GDPR).
Under the GDPR, a DPO ensures that a company or organisation is processing personal data in compliance with data protection laws. While there is still some clarity required, businesses would do well to begin planning to integrate this role as part of their strategic team before it becomes a necessity. Business leaders should start considering how they might upskill or reskill employees for these future positions, strengthening their data governance. Only once the capture, storage, and use of an organisation’s information and data is understood can the potential risks be assessed, and strategies be implemented.
Some businesses may need to look externally to see if they can source talent capable to take on the responsibilities of data protection for the organisation. With the current state of the talent market, businesses should be taking proactive steps to ensure they are able to secure the best talent and retain them over time
The role requires technical expertise, a working knowledge of privacy policies and legislation, experience in performing audits of information systems, and communication skills. The EU recommends the person have a legal or IT background and be certified by recognised organisations.
Business leaders also need to understand what is being done with their information and data. The Office of the Australian Information Commissioner already states that if there is no longer a requirement or a reason to gather personal information, steps should be taken to ensure that they do not continue to collect it. As the laws begin to change, it is imperative that businesses take active steps to ensure that the way they approach data and data collection aligns with best practice.
The EU provides a window into Australia’s data protection future and forward-thinking business leaders will recognise that a DPO will soon be a pivotal role in strengthening data governance.