9,99 €
Mehr erfahren.
- Herausgeber: tredition
- Kategorie: Fachliteratur
- Sprache: Englisch
Data privacy is more than just law and technology. The book is written in a conscientious, understandable, interesting and even amusing way in order for the reader to be able to easily approach and comprehend the subjects of data protection, including its organization and communication. It is a practical and complementary addition to the classical legal literature on data protection law.
Das E-Book können Sie in Legimi-Apps oder einer beliebigen App lesen, die das folgende Format unterstützen:
Seitenzahl: 109
Veröffentlichungsjahr: 2019
Ähnliche
The Secret of SuccessfulData Privacy Consulting
52 tips for data privacy experts
Dr. Jana Moser
October 2018
About the author:
Jana Moser is a privacy and innovation expert. She also coaches data privacy officers and companies on their data and IT projects.
Previously, when she was an attorney, she answered questions concerning data protection and privacy. She was also Head of Data Innovation at Axel Springer SE, where she led a group-wide data strategy project, with a focus on business and strategy.
Starting in 2007, Jana Moser worked as a knowledge architect, at KnowledgeTool International GmbH in Berlin. Before this, she was the legal counsel and privacy officer at studiVZ, a former, popular, German social network. From 2011 on, she worked as the in-house, legal counsel at Axel Springer SE for more than 2 years, after which she became an investment manager for 1.5 years. As legal counsel, she gave advice in particular concerning IT law, data protection, and various online web and mobile services. In addition to this, she supported a digital product portfolio ranging from data protection laws, to new digital innovations, as well as concepts such as bitcoin and blockchain.
From 2008-2010 Jana Moser wrote her doctoral thesis on “Browser Games and Client-Based Online Games – The Contractual Relationship Between Provider and User” at the European University of Viadrina in Frankfurt (Oder).
ISBN numbers:
978-3-7482-3254-4 (Paperback)
978-3-7482-3256-8 (e-Book)
This book was originally published in German and translated by inlingua Sprachschule Dresden GmbH & Co. KG, Germany.
Copyright: Text: Cover picture by Leya Nax, Dresden, Germany.
Dresden, Germany, February 2019
Contents
1 Introduction
2 Passion
3 The Client
3.1 The business model
3.2 The knowledge
3.3 The language
4 Your creativity
4.1 Finding solutions
4.2 Creative in scheduling
4.3 Working remotely
4.4 Preparing documentation
5 Human factor
5.1 The planning client / well-planned projects
5.2 The motivated client / high-risk projects
5.3 (Un)equal treatment
6 The organizational factor
6.1 Small businesses and agile projects
6.2 Large businesses and rigid rules
6.3 Bodies and corporate policy
7 Your function
7.1 The data privacy lawyer
7.2 The data privacy officer
7.3 The project member
8 The formalities
8.1 Statutory requirements of commissioning
8.2 Policy in commissioning
9 The data protection organization
9.1 The lone fighter
9.2 Cooperation
9.3 Recommendations for cooperation
9.4 Data privacy officer – internal or external
10 Positioning within the company
10.1 Data protection as a stumbling block
10.2 Data protection as a partner
10.3 Data protection as law
11 Final advice
Summary of 52 tips
List of tables, check lists and lists of questions
Index
"A data privacy expert will only be "successful" in the sense of "protecting data" if passion and fun guide him on the way to find practiceoriented solutions for and with his customers."
1
Introduction
"You are on the dark side of power now."
It was the direct comment by several persons I talked to when I decided to change from an internal data privacy officer to a "pure" corporate legal advisor. It was not just any corporation but the publishing house that was about to become Europe’s leading digital publisher, and in this context also increasingly process data. In my new job I had to optimally assist my employer in this very endeavor. To this end I had to find practicable solutions for data protection. Without data flow neither products nor processes will become digital after all.
The comment on my job change arose from a faulty assessment which becomes apparent when realizing that compliance with data protection regulations does not primarily depend on what a company has to offer but the consulting on data protection. Consultancy on data protection will only be good, pleasant and finally sustainable for all parties involved if it incorporates and can accommodate all interests and rights.
TIP 1: A data privacy expert will only be "successful" in the sense of "protecting data" if guided by passion and fun on the way to find practice-oriented solutions for and together with customers.
For one thing, it is necessary to consider the technical components the understanding of which being not only fascinating but even fundamental for the assessment in terms of data protection. For another thing, the economic and human components are crucial. Only if you recognize and consider them, too, you will be good at your job as a privacy consultant.
In this book I would like to give an account of my experiences and offer tips on how to work as a data privacy lawyer, data privacy officer or data privacy consultant in order to achieve the greatest effect, in my opinion, for the benefit of data protection, and last but not least, for the benefit of your client.
My focus is on advising companies rather than data subjects whose personal data are processed. When speaking of client or customer it always refers to the party employing you, no matter whether you are a lawyer or an employee who is to/may do the data protection job for his/her employer.
Details of specialized subjects and legal foundations have deliberately been ignored herein. You are given practical advice on the approach and argumentation that have turned out effective for me. I mainly touch upon the necessary knowledge, the practices of a data privacy expert and the organization, in particular the cooperation in the area of data protection. To this end, I compiled summaries, assessment tools, check lists, examples and useful tips.
You have picked up the right book if
• you are about to think whether to switch to privacy consulting and are looking for tips on how to approach in consulting;
• you are a data privacy expert already and want to gather some of my experience, or
• you want to build a data protection organization and are looking for some ideas and the pros and cons of it.
I would be glad if you liked my book. Do not hesitate to contact me if you have some more ideas, tips or suggestions in this respect.
Enjoy reading!
Yours faithfully,
Dr. Jana Moser
"Sustainable advice on data protection is more than just fire fighting and creating paper tigers."
2
Passion
If one thing is necessary for a data privacy expert, it is passion both for technology, data flows and abstract relationships and also for digital business models and different interests and mindsets.
There are consultants and lawyers leaping at data protection – not least because of the General Data Protection Regulation in force since 25 May 2018 – as they think to have discovered a kind of Holy Grail. The monetary motivation of this kind of consultants is undisputedly powerful. On the one hand, it is pursued in a very targeted manner especially by big law firms and consulting firms true to the motto "A lot helps a lot". On the other hand, it pushes other, non-legal consultants hoping for a new lucrative source of income.
With both models the client will have the initial impression "Pooh, the data protection issue is now off the table". The client feels on the safe side, especially since he heard of heavy fines, competitors or consumer protection groups who may take legal action against him or the company if data protection is not adhered to.
The alleged feeling of safety often vanishes within a short space of time, however. As soon as the consultant left the house the uneasy feeling arises that though the company has now documentation, processes or contracts that can be "presented". But what exactly they contain, which purpose they serve and how to handle them in future, let alone the question how they can be processed by the company itself, causes the responsible persons a migraine-like headache. In a next step, either an external data privacy officer is commissioned quickly, or everything handed over to the internal data privacy officer, the legal or even the compliance department asking them to maintain all that.
TIP 2: Sustainable advice on data protection is more than just fire fighting and creating paper tigers
If you want to give advice on data protection, you will have to analyze and optimize or even completely change the way your client/customer handles data, the internal procedures. Prefab check lists and imposed processes will not. The genetics of a company needs to be understood. It implies that you enjoy getting to know different people and tasks in a company and so understand the business model. You have to be curious to find out why a company deals with data protection and what attitude the individual persons take towards this topic.
Have courage and try to get to the bottom of the motives and identify prejudices. And here, you can only earn credibility and undertake self-marketing if you honestly show interest in the business model and understand whether data protection is not more than a hygiene factor for the company or a (significant) portion of its sales is based on data processing.
How best to proceed to identify and understand both the business model and your client, is outlined further below.
What really counts, then, is that you not only work with passion but also market your activity with passion. You have to really mean and feel what you say. Your honest passion can be marketed in a more resource-saving and efficient manner. It is much more difficult building a legend and being forced to maintain it all the time.
You need not attend any self-marketing seminar. Try and apply very simple methods in the direct communication with your client. Everything helps that builds confidence and identifies you as an approachable, interested and efficiency-oriented consultant.
Here are some examples:
Table 2.1 Examples — Communicative methods of self-marketing
Communicative method
Effect/Objective
Always offer your assistance and listen first. Ask questions to learn details and make clear you being seriously interested in understanding everything. Always act in an unbiased manner.
Do no put yourself before your client.
You minimize fears (in particular of legal advice) and build confidence towards you.
Avoid replying promptly "It does not work this way" but instead "It is exciting although not quite easy but together we will find a solution."
You show problem-solving competence.
You meet with your client on equal footing and appreciate its competence.
You build confidence towards you.
Show interest in why the data are processed. Ask for the economic and strategic reasons.
You show that you appreciate your client’s competence.
You show your own interest and also your readiness to play a part in finding solutions and ability and willingness to think outside the data protection box.
Also talk about subjects that have nothing to do with data protection.
You show that you perceive and appreciate your client and colleague resp. as an entire personality.
You demonstrate your global interest and that you are willing and able to think outside the data protection box.
Respond as quickly as possible to all inquiries. Even a solution or possibly, a text is not immediately at hand, let the client know at least that you will look into the matter, and when a substantive reply can be expected. At best, ask suitable questions right away that will make your future answers easier.
You show that your client can rely on you and does not walk this road alone.
You involve the client from the very start to get the necessary information quickly and explain at the same time why you do what you do.
Initially explain in simple words why you do or not do something. Resort to complex explanations or even expert opinions where appropriate only.
You demonstrate that you know what you are talking about.
This creates confidence towards you again because you do not talk in riddles.
You display business-like thinking and the awareness that time is money and how a practice-oriented and efficient consulting service should look like.
Keep asking questions.
You make clear that your client is an expert and you depend on him.
You show the matter being handled by you in a customized manner free of any stereotyped thinking.
You also show you not being perfect (=human) and perhaps do not know everything.
Less is more! Think of the cost effectiveness of the consulting service from your client’s perspective.
Not everything needs to be reinvented and new documents prepared each time.
You show that your client’s needs are important to you. You build trust. You reveal entrepreneurial thinking and the awareness that time is money and how a practice-oriented and efficient service should look like.
When you provide data privacy consulting services internally as a lawyer or corporate data privacy officer, another simple and moreover very pleasant method is to meet with your colleagues from different departments for lunch or a cup of coffee. It is an opportunity to combine two good things.
Even though I am not a marketing expert I know that authenticity is of essence.
TIP 3: Never play a role, always stay authentic!
Your consulting services will be such better if you stand behind the subject rather than merely looking at it as a financial resource. And your clients and colleagues will notice and appreciate it. For that reason alone, you will be trusted much more– trust you absolutely need to obtain information for data processing which you would never get otherwise.
