A guide for managers on their data protection obligations and duties.
The Manager’s Data Protection Duties
Author: Paul Lambert | ISBN: 978-1-911611-39-4 | Format: Paper Back 234 x 156 | Publication Date: October 2020
Data and data protection compliance are both business imperatives and legal obligations for all organisations, large, small, public and commercial. This book is aimed at those organisations and in particular the data protection duties of manager’s and their obligations to understand, identify and comply with data protection rules and duties.
Each manager of a department, or a specific responsibility, must assess the data issues and risks as are relevant to their individual department. The manager must assess what data exists; whether it is permitted for use; filter out (including deletion of) data that is over-broad or otherwise not permitted; and ensuring procedures to identify and eliminate processes that open up the risk of future unjustified data collections. While other agents of the company or organisation will have responsibilities in relation to data protection compliance, the manager of a department must also engage in best practices that focus on the data protection obligations of the department. Data protection compliance requires not just adherence to specific data protection legal provisions, but a full understanding of what data exists in the department, company or organisation, where it is located and for what purpose.
The personnel manager needs to be satisfied that all of the internal personnel records are fully data protection complaint. Just one of the dangers is that these issues are not addressed in appropriate reviews, contracts and policies. Another risk gap is that there may be policies, etc., but the manager omitted to appropriately include other non full time employees, such as those whom may be contractors, temporary staff, interns, or family members.
The marketing manager needs to be satisfied that all of the current and proposed marketing activities, customer lists, and user lists are all compliant with the new data protection rules.
Organisations should have undergone an A – Z review of data protection compliance in the lead up to the new EU General Data Protection Regulation (GDPR) go-live date. In many organisations there will be many activities and actions which carried over from the GDPR review. These need to continue to be actioned.
In addition, there is also a new Data Protection Act 2018 to consider.
Organisations should also have appointed a new Data Protection Officer (DPO) to assist in these efforts and to be the official point of contact internally and externally (for data protection supervisory authorities and for customers and users).
Critically, all Managers need to be aware of data protection compliance and related issues within their own Department. The Manager has duties and responsibilities.
The Manager cannot simply assume that someone else will do it, or that all data protection issues for their Department are already being dealt with by the DPO or some other Department.
This book is essential for all Managers in getting up to speed with their data protection obligations and duties as Department Managers. After all, there can now be personal responsibility for the Manager in addition to the company if data issues go wrong. They also need to enhance their understanding of data protection in terms of being able to interact with other parties on these issues.
PART 1: OBLIGATIONS
- Definitions and Concepts
- Types of Personal Data
- The GDPR
- Data Protection Officer
PART 2: MANAGER DATA REVIEW
- Manager Duties: Mapping the Data
- Manger Duties: Manager and Department Compliance
- Manager and Principles
- Manager Duties: Implementation
- Manager Duties: Deep Data Review
- Manager and Training Issues
PART 3: MANAGERS DUTIES & DIFFERENT DEPARTMENTS
- Personnel Manager
- Sales Manager
- Marketing Manager
- IT Manager
- Operation Manager
- Customer Service Manager
- Accounts Manager
- Research Manager
- Legal Manager
About the Author
Dr Paul Lambert. Paul has written over 15 books and editions on data protection, law and technology. These include: A Users Guide to Data Protection; Manager’s Data Protection Duties; and The Right to be Forgotten (Bloomsbury).
He is also the editor of Gringras, The Laws of the Internet; the International Journal for the Data Protection Officer, Privacy Officer and Privacy Counsel (IDPP); and E-Contracts (co editor).
Senior Consultant, XpertDPO.
Visiting Research Fellow, Institute of Advanced Legal Studies, University of London.