What does a data protection coordinator do and why is the data protection of a company important? To answer these questions, Tiziana, a dual student at Inwerken AG, conducted an interview with her colleague Benjamin on the occasion of the European Data Protection Day.
Tiziana: Hello Benjamin. Thank you for taking the time to answer my questions. Firstly, tell a little about yourself. Who you are and what exactly do you do at Inwerken?
Benjamin: Hello Tiziana. My name is Benjamin Seifert and I am a systems and network administrator at Inwerken AG. I have a wide range of tasks in the IT department. My activities include security, user support, procurement of hardware, conceptual design of the network for our new headquarters in Isernhagen, software validation, various technical tasks in the team and I am also a data protection coordinator.
Tiziana: Why is it important for a company to protect its data and what exactly does that mean?
Benjamin: Roughly speaking, it is important for a company to avoid knitting and also avoid confidential data, such as that of your own employees or that of your customers being viewed online. Public private data in the wrong hands can be used or manipulated against you regardless of the way and manner. Basically, companies are obliged to protect people’s right to informational self-determination and to handle personal data in compliance to the law. It is therefore very important to assume this obligation. It is also necessary to protect the company’s data in order to avoid cybercrime, such as Trojans, viruses, industrial espionage or hackers. These are among the commonly underestimated corporate risks.
Tiziana: When is a company obliged to appoint a data protection officer?
Benjamin: To make it absolutely clear again, I’m a data protection coordinator and not a data protection officer, the difference is that the coordinator is only the interface to the data protection officer. This means that Inwerken AG still has an external data protection officer with whom I am in constant contact and exchange of information. In the meantime, every company has to either appoint an internal data protection officer or to hire an external one. This applies to every company with at least ten employees who regularly process personal data. In my opinion, though, there are other individual regulations, such as for medical practices or health professions and law firms, where only one employee is required for the data protection officer position. It always depends on the industries and activity fields of the company. An intensive research and analysis on the subject of data protection is necessary beforehand so that the company is not threatened with any fines or similar consequences.
Tiziana: How long have you been a data protection coordinator?
Benjamin: I’ve been a data protection coordinator for about three years and taking on the task during that period. I followed my predecessor’s footsteps as to say.
Tiziana: How do you become a data protection coordinator? Do you need any further training?
Benjamin: Further training is not absolutely necessary because, as I have already said, the data protection coordinator is only the interface to the external data protection officer. With this, you have a lot of freedom to interpret the task and for me it is more like learning by doing. If you wish to deal more intensively with the subject of data protection, there are numerous seminars and training courses in which one can participate.
Tiziana: Does the task of being a data protection coordinator take up a lot of time in your day to day work activities?
Benjamin: Nowadays, much less than before I would say. There was a lot more to be learned and gained during the introduction of the GDPR in 2018. The preparations took a lot of time. Due to the move to our new headquarters, there are currently many update tasks and more to be done in the data protection area. Setting up the so-called TOM’s (technical and organizational measures) that are part of the GDPR is a good example. TOM’s generally stipulate how we protect and secure our data and what measures should be taken in an emergency. If there is a power failure for example, you can use TOM’s to obtain personal data.
Tiziana: How do you, as data protection coordinator, deal with your sensitive data in your private life? Do you have a few recommendations for action?
Benjamin: In general, I find it very important to always lock my computer when I leave work in order to avoid important and personal data being stolen. In the gym e.g. I noticed that the computer at the reception is always unlocked. You could simply get an insight into the customer’s databases. There are already ways to automate the locking of a screen and this is right now on our plans.
Tiziana: Would you like to be a data protection coordinator again?
Benjamin: I was happy to take on the data protection coordinator position. However, it is generally a little too dry for me. I am not generally a dry type and I enjoy the practical part of a task a lot more. It could be a very good option for someone who likes to engage and work in theory. Furthermore, many regulations in the area are not so clearly set and you do not have anything in black and white to fall back on. It is rather company specific. This sometimes, becomes rather confusing. Generally speaking, I would do it again if it had to be done. It is a position in which you learn a lot.
Tiziana: Thank you very much Benjamin. I have definitely enjoyed talking to you!
Benjamin: It has been a pleasure talking to you too and hopefully I was able to help you!