One of the functions of a Data Protection Officer (DPO) is to inform and cultivate awareness on privacy and data protection within the organization of the Personal Information Controller (PIC) or Personal Information Processor (PIP), including all relevant laws, rules and regulations and issuances of the National Privacy Commission (NPC).
Such task is not as simple as anyone may think considering that data privacy is somehow considered to be an abstract idea and is sometimes regarded to be unimportant. Thus, in order to spread the essential requirements of the DPA that should be complied with by the organization, a DPO must be able to master the subject and communicate it properly.
Here are some tips on how to effectively teach data privacy to all the stakeholders of the company.
- Do not assume that your participants are experts.
If there are terms and principles that should be explained, please discuss and communicate them clearly. Define the important terms to be remembered and do not use them interchangeably. Distinguish the concepts that should be differentiated. And provide practical examples for easy application.
- Study the subject.
Make sure that you know what you are discussing. Avoid giving poisonous information. If you are discussing the law, do not change the wordings of the law. If it requires legal interpretation, it will be helpful to interpret the provisions of the law according to the legal rules of statutory construction.
- Answer questions directly.
Every question has a corresponding answer. Go straight to the point to avoid confusion. If it’s a legal question, always ensure that you have a legal basis to support your answer. If possible, cite the specific rule, circular, advisory or opinion of the NPC.
- Organize your presentation.
Ensure that you start your discussion with the basics before going into the complicated discussions of the DPA. When discussing the five pillars of compliance, present it as a step by step process. Organize your thoughts and ensure that the flow of discussion is clear and logical. Allocate your time properly. Exert more time to clarify the gray areas of the law.
- Don’t scare your participants.
DPA provides for penal provisions in case of violations. For better appreciation, present it in such a way that they would understand and appreciate the requirements of the DPA to lawfully process personal data. Your participants should be influenced to do what they have to do to comply with the law not because they are afraid, but because they know its value.