The Secret of Successful Data Privacy Consulting: 52 tips for data privacy experts

By Jana Moser

Data privacy is more than just law and technology. The book is written in a conscientious, understandable, interesting and even amusing way in order for the reader to be able to easily approach and comprehend the subjects of data protection, including its organization and communication. It is a practical and complementary addition to the classical legal literature on data protection law.

• Language: English
• Publisher: tredition
• Release date: Feb 27, 2019
• ISBN: 9783748232568

Book preview

A data privacy expert will only be successful in the sense of protecting data if passion and fun guide him on the way to find practiceoriented solutions for and with his customers.

1

Introduction

You are on the dark side of power now.

It was the direct comment by several persons I talked to when I decided to change from an internal data privacy officer to a pure corporate legal advisor. It was not just any corporation but the publishing house that was about to become Europe’s leading digital publisher, and in this context also increasingly process data. In my new job I had to optimally assist my employer in this very endeavor. To this end I had to find practicable solutions for data protection. Without data flow neither products nor processes will become digital after all.

The comment on my job change arose from a faulty assessment which becomes apparent when realizing that compliance with data protection regulations does not primarily depend on what a company has to offer but the consulting on data protection. Consultancy on data protection will only be good, pleasant and finally sustainable for all parties involved if it incorporates and can accommodate all interests and rights.

TIP 1: A data privacy expert will only be successful in the sense of protecting data if guided by passion and fun on the way to find practice-oriented solutions for and together with customers.

For one thing, it is necessary to consider the technical components the understanding of which being not only fascinating but even fundamental for the assessment in terms of data protection. For another thing, the economic and human components are crucial. Only if you recognize and consider them, too, you will be good at your job as a privacy consultant.

In this book I would like to give an account of my experiences and offer tips on how to work as a data privacy lawyer, data privacy officer or data privacy consultant in order to achieve the greatest effect, in my opinion, for the benefit of data protection, and last but not least, for the benefit of your client.

My focus is on advising companies rather than data subjects whose personal data are processed. When speaking of client or customer it always refers to the party employing you, no matter whether you are a lawyer or an employee who is to/may do the data protection job for his/her employer.

Details of specialized subjects and legal foundations have deliberately been ignored herein. You are given practical advice on the approach and argumentation that have turned out effective for me. I mainly touch upon the necessary knowledge, the practices of a data privacy expert and the organization, in particular the cooperation in the area of data protection. To this end, I compiled summaries, assessment tools, check lists, examples and useful tips.

You have picked up the right book if

• you are about to think whether to switch to privacy consulting and are looking for tips on how to approach in consulting;

• you are a data privacy expert already and want to gather some of my experience, or

• you want to build a data protection organization and are looking for some ideas and the pros and cons of it.

I would be glad if you liked my book. Do not hesitate to contact me if you have some more ideas, tips or suggestions in this respect.

Enjoy reading!

Yours faithfully,

Dr. Jana Moser

Sustainable advice on data protection is more than just fire fighting and creating paper tigers.

2

Passion

If one thing is necessary for a data privacy expert, it is passion both for technology, data flows and abstract relationships and also for digital business models and different interests and mindsets.

There are consultants and lawyers leaping at data protection – not least because of the General Data Protection Regulation in force since 25 May 2018 – as they think to have discovered a kind of Holy Grail. The monetary motivation of this kind of consultants is undisputedly powerful. On the one hand, it is pursued in a very targeted manner especially by big law firms and consulting firms true to the motto A lot helps a lot. On the other hand, it pushes other, non-legal consultants hoping for a new lucrative source of income.

With both models the client will have the initial impression Pooh, the data protection issue is now off the table. The client feels on the safe side, especially since he heard of heavy fines, competitors or consumer protection groups who may take legal action against him or the company if data protection is not adhered to.

The alleged feeling of safety often vanishes within a short space of time, however. As soon as the consultant left the house the uneasy feeling arises that though the company has now documentation, processes or contracts that can be presented. But what exactly they contain, which purpose they serve and how to handle them in future, let alone the question how they can be processed by the company itself, causes the responsible persons a migraine-like headache. In a next step, either an external data privacy officer is commissioned quickly, or everything handed over to the internal data privacy officer, the legal or even the compliance department asking them to maintain all that.

TIP 2: Sustainable advice on data protection is more than just fire fighting and creating paper tigers

If you want to give advice on data protection, you will have to analyze and optimize or even completely change the way your client/customer handles data, the internal procedures. Prefab check lists and imposed processes will not. The genetics of a company needs to be understood. It implies that you enjoy getting to know different people and tasks in a company and so understand the business model. You have to be curious to find out why a company deals with data protection and what attitude the individual persons take towards this topic.

Have courage and try to get to the bottom of the motives and identify prejudices. And here, you can only earn credibility and undertake self-marketing if you honestly show interest in the business model and understand whether data protection is not more than a hygiene factor for the company or a (significant) portion of its sales is based on data processing.

How best to proceed to identify and understand both the business model and your client, is outlined further below.