The Manager's Data protection Duties

Each manager of a department, or a specific responsibility, must assess the data issues and risks asare relevant to their individual department. The manager must assess what data exists; whether it ispermitted for use; filter out (including deletion of) data that is over-broad or otherwise not permitted;and ensuring procedures to identify and eliminate processes that open up the risk of future unjustifieddata collections. While other agents of the company or organisation will have responsibilities inrelation to data protection compliance, the manager of a department must also engage in bestpractices that focus on the data protection obligations of the department. Data protection compliancerequires not just adherence to specific data protection legal provisions, but a full understanding ofwhat data exists in the department, company or organisation, where it is located and for whatpurpose.The personnel manager needs to be satisfied that all of the internal personnel records are fully dataprotection complaint. Just one of the dangers is that these issues are not addressed in appropriatereviews, contracts and policies. Another risk gap is that there may be policies, etc., but the manageromitted to appropriately include other non full time employees, such as those whom may becontractors, temporary staff, interns, or family members.The marketing manager needs to be satisfied that all of the current and proposed marketing activities,customer lists, and user lists are all compliant with the new data protection rules.Organisations should have undergone an A – Z review of data protection compliance in the lead up tothe new EU General Data Protection Regulation (GDPR) go-live date. In many organisations there willbe many activities and actions which carried over from the GDPR review. These need to continue tobe actioned.In addition, there is also a new Data Protection Act 2018 to consider.Organisations should also have appointed a new Data Protection Officer (DPO) to assist in theseefforts and to be the official point of contact internally and externally (for data protection supervisoryauthorities and for customers and users).Critically, all Managers need to be aware of data protection compliance and related issues within theirown Department. The Manager has duties and responsibilities.The Manager cannot simply assume that someone else will do it, or that all data protection issues fortheir Department are already being dealt with by the DPO or some other Department.