While everyone must be mindful of data protection, how it affects each role varies greatly. Below, we briefly introduce the distinct concerns of some common organisational roles.
Human Resources
HR handles personal information such as employee records, recruitment data, and sensitive personal data like health details. Processing personal data is central to their role. They are used to managing consents and retention policies, and may also have handled data access requests from employees or job applicants.
Marketing
Marketers work with large volumes of customer data, collected from various channels, and they might have a tendency to collect more than Legal would like. Under GDPR, they must have clear bases for any marketing activities involving the processing of personal data, whether it’s sending emails or tracking users online.
Information Technology
IT departments are responsible for the security of the systems that store and process personal data. They manage everything from encryption to data breach response plans, and help ensure that GDPR principles such as Privacy by Design are implemented and the organisation’s data remains secure.
Legal
Legal teams ensure that the organisation’s privacy policies, contracts, and third-party agreements align with GDPR regulations. They could be the first point of contact for GDPR queries and play a vital role in responding to data access requests and managing legal risks related to data protection.
Leadership (CEOs and Board Members)
Although CEOs and board members might not deal with a lot of data in their day-to-day work, they are ultimately responsible for GDPR compliance and information security across the organisation. Leadership must set the direction, act as an example, prioritise data protection, allocate resources for compliance, and ensure a privacy-focused culture throughout the company.