Spotlight on Nic Rodriguez, Business Process Analyst

In this edition, we feature Nicholson Rodriguez, CIPM, Certified DPO, who is working in MediaQuest Holding Inc., a media holding company. Nic has more than 10 years experience as business process analyst focus on Process, Privacy, Compliance and Quality Management.He has various certifications on Lean Six Sigma Green Belt, ISO 31000 Risk Manager, COBIT 5 Foundation and ITIL v3.

Share about your background 

I am a business process analyst by profession who balances productivity, control and compliance by implementing and/or redesigning best in class standards and practices. I initially started with process documentation until organisational changes led me to risk, compliance and privacy tasks. I practiced all of it, in full or partially, in the telco, bank and media industries. It was in the telco and media industries that I had my extensive exposure to standards and practices that are useful in my Privacy Program activities.

How has your skill and knowledge in Data protection helped you in your career?

It made me conscious of the social impact of recommendation as an output of my work. Cost-effective measures should not compromise the interest of anybody who knowingly or unknowingly gave their personal information in exchange for a product or service.  My data protection role in my organisation includes:

1. Privacy Impact Assessment - Reviewing PIAs submitted by process owners before it is endorsed by DPO for approval

2. Privacy Programme Management - Create Privacy Programme each year to guid Privacy team on what needs to be done, sort of like DPMP (Data Protection Management Programme)

3. Policy and Process Documentation - Create policy and process documentation to be consulted with and approved by DPO and other concerned business units.

4. Audit - Point person for privacy audit conducted by internal and/or external resources.

How is it that you got interested in data privacy/protection? When did you first get involved and exposed to the importance of data privacy?

Regulatory enforcement introduced me to the Data Privacy Act and it coincided with an incident on unauthorised use of my personal information taken from a social media site at that time. These two fuelled my desire to learn more about privacy concept and practices.

What data privacy courses did you take from Straits Interactive /DPEX network and why?

I enrolled and passed the courses on Certified Information Privacy Manager, Hands-on data protection and cybersecurity course and GDPR in Asia. Straits' methodology is simple, practical and easy to relate and recall. Straits methodology helps you to do a sustainable compliance programme.

What is your current job role? Which privacy functions are you involved in? (or what privacy opportunities do you hope to pursue and which specific functions)

I am an IT Business Process & Knowledge Manager and am currently in transition to becoming an IT Control and Assurance Manager.  

What advice do you have for others?

Choose your training provider carefully. It pays to know their potential value-add to your professional growth and personal advocacy, by doing research on them.

What practical advice would you offer to those wanting to implement a data protection management programme in their organisation?

Be practical about it. Research, create or develop sustainable practices that promote privacy culture. My parting words, with regard to privacy and data protection, is: “Privacy is a social responsibility of all!”