PDP Week 2024: Defenders to Architects: Supercharging the Role of DPOs

The role of a Data Protection Officer (DPO) has evolved tremendously along with the data protection landscape. As this pivotal position continues to grow in complexity, a pressing question emerges - how can we, as DPOs, adequately prepare and adapt to such changes? Fortunately, this was the focal point of the panel discussion, “Defenders to Architects: Supercharging the Role of DPOs”, hosted during the Personal Data Protection Commission’s (PDPC’s) Personal Data Protection (PDP) Week 2024 on July 15 2024. 

The panel was helmed by subject matter experts, including Derek Ho, Senior Vice President, Assistant General Counsel, Privacy & Data Protection of Mastercard; Amos Tan, Chief Core Skills Officer of NTUC LearningHub; Barbara Cosgrove, Vice President, Chief Privacy Officer of Workday; Chris Ng, Chief Data Officer, Group Chief Data Governance and Protection Officer of National University Health Systems. Yeong Zee Kin, Chief Executive, Singapore Academy of Law, moderated the panel. 

The Dynamic Role of a DPO

The panel discussion emphasised the dynamic nature of the DPO role, which has evolved to encompass technical compliance experience, auditing skills and a legal focus. As Barbara Cosgrove, Vice President, Chief Privacy Officer of Workday, noted, “We've seen the role evolve to have more people who are looking at it from the regulatory perspective, as we're seeing the global regulations shift in this area that require the DPO to not only understand the technology, but also be able to understand the legal compliance obligations that are associated with it.” Emphasising, on the upward trend of DPOs adopting a regulatory perspective and the need for them to equip themselves with legal knowledge in the data protection space.

Reframing Challenges as Opportunities

Agreeing with Cosgrove, Derek Ho, Senior Vice President, Assistant General Counsel, Privacy & Data Protection of Mastercard, urged DPOs to reframe the challenges they face as opportunities for growth. He stated, "the new areas - whether it's cybersecurity, AI, or even competition law and data sharing - are opportunities for Data Protection Officers to branch into." He further highlighted the unique position of DPOs and encouraged them to mobilise the challenges at hand as an opportunity to connect and learn with others. Addressing the DPOs in the room, he said: “You're able to make connections between business, data, technology, processes, and that gives you that wealth of knowledge and information that sets you up for potentially other and bigger roles in the future.”

Be An Architect, Not a Defender

Emphasis on the import and potential of the DPO role continued to echo around the room. “DPOs can help facilitate if you know, in advance, exactly what your organisation is planning for the use of data, we are able to understand data flows,” shared Chris Ng, Chief Data Officer, Group Chief Data Governance and Protection Officer of National University Health Systems. He explained that by doing so, DPOs could then be part of strategic conversations on how organisations can use the data at hand instead of playing a reactive role of preventing other departments from embarking on certain projects due to data protection regulations. It would bode well for DPOs to ask themselves how they can be the first movers in architecting Security or Privacy by Design and their implementation roadmaps. As DPOs, there is real potential here to “play a very value-creating role for the organisation, and on an individual level, helps you cement yourself as a valuable contributor to the organisation,” concluded Ng. 

Giving DPOs a Hand

On the topic of bringing the skillsets of DPOs up to speed as the era of AI Governance gains ground, Amos Tan, Chief Core Skills Officer of NTUC LearningHub chimed in with how NTUC LearningHub will continue to work with industry partners and government bodies to bring multidisciplinary training to DPOs. Additionally, “we will be working with employers to ensure that they are aware of what is coming and how the technologies will impact data protection, so that they have the understanding to continue rendering support to the DPOs,” said Tan. 

In conclusion, the panel underscored the critical evolution of the DPO role from a compliance-focused position to a strategic, business-oriented function. By embracing challenges as opportunities and shifting their mindset from defenders to architects, DPOs can position themselves as invaluable assets to their organisations. With the support of industry partners and educational institutions, DPOs are well-equipped to navigate the complexities of the evolving data protection landscape and drive innovation while safeguarding sensitive information.