What's your name?
What position do you hold?
Head of Data Protection at eir
How long have you held the position?
I have been in this role for 7 months and previously held the position of Data Protection Manager for 7 months prior to that.
What are your day to day responsibilities?
* Providing input on the strategic direction of the company GDPR the programme
* Providing advice and guidance to all business units
* Conducting DPIAs
* Reviewing supplier agreements to ensure adequate GDPR provisions are in place
* Drafting internal data protection policies
* Liaising with the ODPC in relation to queries, investigations and notifications.
* Training Data Champions on specific areas of the GDPR that are relevant to their departments
* Conducting due diligence of third party suppliers
What is your professional background?
I am a certified Data Protection Practitioner with extensive GDPR knowledge. I joined the eir data protection team in August 2017 as the Data Protection Manager and have since progressed to the Head of Data Protection. Prior to joining eir I worked as a data protection consultant providing consultancy services across a range of sectors to support businesses in achieving and maintaining compliance with the General Data Protection Regulation, and prior to that the Data Protection (Amendment) Act 2003. These services included data protection executive assessments, privacy impact assessments, training, deployment of policies, quantifying risks and advisory consultancy services.
I also held the position of Data Protection Officer for a period of 3 years (2014-2016), at the Children’s Medical and Research Foundation (CMRF), the fundraising body of Our Lady’s Children’s Hospital Crumlin. I have over 10 years’ experience working in the not-for-profit sector. My previous roles within CMRF included, Compliance Officer - managing all governance and risk related areas, and Operations Manager - driving process improvement across the business. I also have experience in managing projects and working at executive Board level, reporting directly to the Chairman on data protection compliance and governance related practices.
Tell me about yourself away from work?
I enjoy socialising with friends and family. I go to the gym and take long walks whenever I have the time.
Tell us something very few people know about you?
I am a fluent Irish speaker and attended an all Irish speaking primary and secondary school.
You are speaking at our GDPR Summit on November 6th. What are you speaking about?
I will be discussing the importance of governance when implementing a GDPR programme to ensure that data protection controls are consistent throughout all business units.
6 months on from the GDPR deadline, what challenges do you see now for organisations implementing the new regulation?
In my opinion, as Data Subjects become more aware of their rights and as Data Controllers and Processors comply with their obligations to notify Data Subjects of data breaches, there will be a large increase in data protection related queries from the public.
Controllers and Processors will have to ensure that they have the required resources, with the required knowledge and skillsets, to respond to such queries within the allocated timeframe. This may require dedicated teams to respond solely to data protection related queries. As a result there will also be a rise in the volume of data access requests and erasure requests, again requiring dedicated teams. I also expect to see an increase in litigation on foot of Data Protection related breaches. Controllers and Processors will also see an increase in the level of engagement with the Supervisory Authorities as Data Subjects begin to channel their complaints through the DPC’s Office.
Pamela Stagg is speaking at the GDPR Summit on November 6th in Croke Park. See www.gdpr18.com for full details.