Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Ep 71: Privacy, Facial Recognition, and Semi-Pro Football with DPO Paul Collier
60 Plays10 days ago
What does a Data Protection Officer do? How is it different from your privacy counsel? And how might a DPO help your company with cutting-edge issues like regulations around facial recognition or biometrics?
Join Paul Collier, data protection officer at The DPO Centre, as he shares how the skills he gained as a front-line police officer have helped him counsel clients on how to balance complex privacy regulations with business goals.
Listen as Paul discusses how companies can use facial recognition technology while safeguarding privacy, how in-house legal departments can work best with DPOs, his side hustle as a part-time semi-professional football referee, and much more.
Read detailed summary: https://www.spotdraft.com/podcast/episode-71
Topics:
Introduction: 0:00
Working as a front-line police officer: 2:00
What does a Data Protection Officer do?: 6:06
Considerations when hiring a DPO: 9:26
Counseling companies on facial recognition: 11:33
Should governments regulate facial recognition technology?: 16:00
How DPOs manage expectations with resistant clients: 20:36
How DPOs can work effectively with legal departments: 23:49
Becoming a semi-professional football referee: 25:23
Rapid-fire questions: 30:06
Book recommendations: 32:13
What Paul wishes he’d known as a young lawyer: 33:33
Connect with us:
Paul Collier - https://www.linkedin.com/in/paul-collier-a2121056/
Tyler Finn - https://www.linkedin.com/in/tylerhfinn
SpotDraft - https://www.linkedin.com/company/spotdraft
SpotDraft is a leading contract lifecycle management platform that solves your end-to-end contract management issues.
Visit https://www.spotdraft.com to learn more.
Recommended
Transcript
Bias in Facial Recognition
00:00:00
Speaker
Are there still problems with the technology? Yes. There are algorithmic biases, if you don't do things correctly. There are a number of studies, quite a lot of them done in the US actually, where facial recognition algorithms have exhibited bias, particularly towards ethnic minority groups, and people of colour. So it does still have its problems, but and they and they will and often do result in higher false positives.
00:00:26
Speaker
in targeting certain ethnic groups. It's not just ethnic groups. They often find it more difficult to deal with females instead of males for some reason and age. So the older or younger you are, it seems to pick you up more than than if you were in what I would call the the middle Goldilocks band of ages. So yeah, it does. And obviously that would could potentially lead to discrimination if used incorrectly.
Paul Collier: From Police to DPO
00:00:56
Speaker
What does a DPO do? How is it different from your privacy counsel? And how might a DPO help your company with cutting edge issues like regulations around facial recognition or biometrics?
00:01:13
Speaker
Today, we are joined on the abstract by Paul Collier, DPO with the DPO Center. Paul is the first dedicated DPO that we've had on the pod. And while I'm going to have him explain what a DPO does, in general, he helps companies handle GDPR and other privacy compliance matters from a pretty objective sort of external perspective. Before becoming a DPO, Paul spent 12 years as a frontline law enforcement officer in the UK. He also, and we're going to talk about this too, at referees semi-professional football in his somewhat limited free time. Paul, thanks for joining us today. You're welcome. Thanks for the invite.
00:02:00
Speaker
Let's get started with your time in law enforcement because I think that's a really interesting sort of training ground for becoming a DPO. What what type of policing were you in? so For the majority of my career, I was what they call frontline police officer. so In the UK, if you dial 999,
00:02:20
Speaker
the equivalent of 911 in the US. the The responding officer effectively would have been me or one of my colleagues. So yeah, we were the the first line of defence for all of the emergencies that happened in the area that I was working in.
00:02:34
Speaker
That sounds like a high stress job from time to time. Yes. or or All of the time. All of the time. um What are the sort of skills that you think were transferable from your time in law enforcement to to when you became a DPO and did data protection start to feature in your professional life even before becoming a DPO or was this a totally new area for you to learn? ah Both really. So it isn't something that you're taught as a standalone item when you're within the police. However, confidentiality and understanding about privacy and things are pretty much standard, as you would expect. So there are certain things about the role that you don't want everyone knowing. And there are certain things that you discuss and certain elements of the job that clearly people don't want to be widely shared around with other people. So
00:03:27
Speaker
it's there, although it's not necessarily a fundamental aspect of it. However, it's a really good question, because you don't think about transferable skills unless you are asked the question. But I suppose it's things like analytical skills. So complex policing situations are pretty similar to the complex situations that I deal with now. Clearly, there's a legal knowledge, you need to have a base level of me legal knowledge. And I suppose the The key part really is investigative skills, crisis management. So when we deal with certain parts of ah data protection like data breaches and things like that, those skills are very transferable, as well as kind of I suppose that this the talking, the communication, and the yeah being able to engage someone's attention for a period
Role and Skills of a DPO
00:04:16
Speaker
of time.
00:04:17
Speaker
Build trust, basically. Exactly. Exactly. Making sense that I know what I'm talking about, which hopefully is ah is ah is a good skill to have. Right. The investigative part, that's interesting. I actually do see those parallels. I spent part of my career working on privacy issues. And when you're working with product managers or marketing folks, you're thinking about data, a lot of the time your job is making sure that you ask the right question, I think. or that you don't miss the opportunity to ask the question that you should ask. I'm curious how how you think about that and maybe what that was like also as ah as a police officer. It's the way that you phrase things often. so For example, you ah you were always told never to say,
00:05:00
Speaker
Oh, I know what you are going through because often you don't know directly what somebody is going through. You may have similar ah experiences that you can take what you experience and say, well, I can see why you may be feeling or thinking a specific way, but you never truly know what somebody is going through.
00:05:19
Speaker
And it's very much the same in in my role now. Often people will know what they want to tell you, but they won't know how to tell you it. And so you need to be able to ask the right questions to tease out the information that you need. Because, and I'm guilty of this sometimes. And if I start on this call, please just start waving at me and say, I have no idea what you're saying. But we slip into slang and terminology and things like that. And it people just don't understand. So in my head I've got this kind of this real template of how I want the conversation to go, and I totally forget that the person on the other end may have no idea what I'm talking about. It may be that they've been volunteered to talk to the DPO about what's going on, so it's understanding and talking at a level that the other person understands, I guess.
00:06:05
Speaker
Okay. What does a DPO do in in your own words? I sort of explained it, but but you explained for us. and And also I guess there's a question there, which is like, how does a DPO differ from say the privacy counsel that may be in-house working on your legal team or the partner at the law firm who specializes in privacy or data protection?
00:06:27
Speaker
What do we do? I like to see us as the bridge between the complex legal side of the world and the operational side of things. So one of the things that we do or that we try to do as the DPO is to facilitate the ah the business doing what they want to do with data or with new innovative technologies. And then saying to them, there are ways that you can do this that are more compliant than others. and One of the myths about privacy data protection is that you can become 100% compliant. I don't think I've ever seen anyone 100% compliant. So it's around yeah and risk profiling, I guess, saying to them, well,
00:07:12
Speaker
How much risk are you willing to take what what if this goes wrong how can you deal with that as an organization or as a department and so it's being that bridge between the complex legal world and the operational requirements of the business to operate and often make money that's what businesses are in it for to to make money so that's.
00:07:30
Speaker
That's what I do and we do that a number of different ways. A lot of it is questionnaires and audits. A lot of it is understanding what the business does and being able to say to them, tell me what you want to do and I'll do the translating.
00:07:44
Speaker
ah you tell me what you want to do and I'll tell you options how you may achieve that. So that's pretty much my day to day, to be honest. An advisory role. Sure. A big theme of this podcast is that there isn't one right path in legal or legal adjacent roles. You come out of a ah law enforcement background. So I think I know the answer to this question, which is, do DPOs have to be lawyers? It'd be trained as lawyers.
00:08:11
Speaker
but but Moreover, right I'm curious you know what perspectives you think it's important for the DPO to bring to the table or what training the DPO needs to bring to the table, absent say, a law degree. No, they don't have to be trained lawyers.
00:08:27
Speaker
but Can it help? Yes. Because a large proportion of what we do is understanding the legislation and being able to understand it is the first part to being able to implement it or advise other people on what they should or shouldn't be doing. I think, like I've explained really, what we try to do is balance the operational implementation alongside the legal requirements. And I think if you have a base level of legal knowledge, great. That that kind of puts you one step ahead but of everybody else. But there are a lot of other sort of qualities that you need, some of which we've spoken about really patience and resilience and sometimes accepting the the advice that you give may turn out to be turned down or right disregarded for whatever reason.
00:09:14
Speaker
So yeah, it's been able to have the thick skin to say, it's not me. it It's not what I've said that they hate. It's the fact that it doesn't for whatever reason fit with their particular business profile at that time.
00:09:26
Speaker
If a company is looking to hire their first DPO and sometimes this happens internally, they give someone they did a protection officer title, there's an appointment process that happens with that. Sometimes they turn to someone like you who's outside the business. What are the sorts of things that they should be considering or how do you advise folks on making that sort of decision? No doubt, we'll probably cover this at some point anyway about one of the things I like and dislike about my job. But one of the, I suppose, my dislikes is that people put qualifications as being the be-all and end-all and saying, you must have a professional qualification. You must have a string of letters after your name that passed lots of exams and you've done all of these fancy, got certificates up on the wall and things like that.
00:10:17
Speaker
don't get me wrong that's important but for me practical experience of doing it in real life is probably the most important because you can learn to pass an exam but putting that into practice is the hardest thing and being able to understand where you can shift the goal posts from one area to another and say, well, this is slightly more or less risky than the other, but it's still relatively fine. So that that's invaluable. it's baant It's balancing that business need with the compliance requirements, I guess is probably the easiest way to say it.
00:10:53
Speaker
other things. Again, we've touched on it, but can they communicate what can often be tough, complicated legal issues in a really simplistic and easy to understand way? Can you translate what is a lot of words and jargon into something that a CTO chief technology officer may understand? you know Can you translate it to the HR director? that Those types of people.
00:11:17
Speaker
yeah That's really important as well at the same time. And resilience. Can you take a note every now and again? Can you take a, well, I think you're wrong, Paul. I hear that more often than not, to be honest. butre We're going to talk about that in just a second because one of the areas that you have ah specialized in or that you've been able to work with a number of clients on is
Concerns with Facial Recognition
00:11:40
Speaker
facial recognition. This is obviously also a hot topic for for folks. you know You go to the airport now and you have the ability to board a plane more quickly or go through passport control because of facial recognition. You're seeing this potentially show up in supermarkets and and other places. Open and an iPhone, right? And facial recognition technology is is powering that. What are some of the issues that you're seeing emerge and based on what you can talk about too, like what are some areas where you're finding your consistently counseling clients around regulations on on this issue. I think probably the kind of the underlying problem or the underlying issue is that there's a fundamental lack of understanding about the technology and what it does.
00:12:27
Speaker
And there have been so many stories in the news and in legal cases where it it's wrong, it's terrible, it does such terrible things. And actually, I would probably label it as a misunderstood technology. Like most things, anything can be terrible and horrible if you use it wrong. But if you use it in the right way, actually, it's a really useful tool. A car, for example.
00:12:49
Speaker
A car in itself is a very safe and efficient way to get from A to B, and in itself isn't dangerous. However, if you put somebody behind it who maybe is intoxicated or has decided to drive it 150, 130, it's dangerous. and But the tool itself isn't dangerous. And I think facial recognition recognition technology is very much like that. The tool itself is very useful. You just need to have the controls in place to use it properly. In the UK, we're relatively ah lucky in that we can use it in a supermarket in a private setting rather than law enforcement, which is aha the most prevalent use in parts of Europe and obviously in the inner States as well. I think having total transparency for me is key. So transparency, accountability, just helps them gain trust in the system. It prevents allegations of, you know, Big Brother is watching and state surveillance and all of these things that people panic about all of the time. I think that helps the baseline and then everything else after that is, I wouldn't say easy, but it's a lot easier. I suppose from my point of view, and you're going to look at me smiling, consult the experts, consult the people who know what to do.
00:14:06
Speaker
don't think that you can read a ah five-second clip on Google and think that you can then go away and do this. If I say to you the last time that I did this for one of our clients, it took a 70-page DPIA, so Data Protection Impact Assessment, and the creation of approximately 25 other documents on top of that that just cover the whole ah suppose suite of compliance documentation that we needed. So this isn't ah an easy thing. But at the same time, it shouldn't be something to be scared of. It should be a embrace it and use it properly. And it can be a very, very useful tool. Hey there, legal teams. Big news. Spotgrass fall releases here and it's our biggest update yet. With over 15 new features, it's packed with tools to make contracting faster and simpler for you.
00:14:58
Speaker
Want complete control over your workflows? You've got it with customizable approvals that actually fit your processes. Looking for clarity? Use Spotraft's new analytics offering to uncover insights and find ways for your legal team to move faster. We've also made it easier to manage your agreements with the new Legal Hub, a straightforward way to publish and update terms online without waiting on IT or marketing.
00:15:26
Speaker
And here's the game changer. Our AI tools, like verify, take on the boring stuff, contract reviews, and metadata extraction, so your team can focus on making decisions that matter. It's everything you need to manage your contracts your way. Check it out at spotdraft dot com slash fall release that's spotdraft dot.com slash fall dash release. release.
00:15:55
Speaker
Now let's get back to the podcast.
00:16:01
Speaker
I mean, at DPIA, it's in response to sort of a requirement under the GDPR. I'll talk about it. So I read a book earlier this year that I thought was interesting after a privacy conference in DC. It's by this author, a journalist at the New York Times, Cashmere Hill. It's called Your Face Belongs to Us. And it was really focused on Clearview AI, which just stood up a product that initially was quasi-publicly available that allowed people to walk around with iPhones and identify other folks on the street. Now it's only available because of ah a lawsuit and a settlement to law enforcement officers, as you're indicating in the US. I mean, you can see all these beneficial use cases, but to it also, it sort of feels like Pandora's box has been opened and hey, what if other people start using this for less reasonable outcomes than, hey, we want to like get you through passport control faster so that way you don't wait in a two and a half hour line and miss your connecting flight. ah What do you think about the possibility of states
00:17:06
Speaker
governments regulating this sort of technology, do you think that that could go too far? Or do you think that that's necessary? In other words, like, should companies be having to fill out 70 page DPIAs and draft a bunch of other documents and stand up a compliance apparatus around this technology? Does it warrant that level of sort of legislative and regulatory scrutiny? I think you can see a real life example of where you've gone to the other end of the spectrum. So China are a really good ex example. sure ah It's well known that they are a surveillance state. they You can Google it pretty straightforward and and come up with examples of times when they've got cameras, camera, camera, camera, and they've all got facial recognition technology and everything else in it. in certain parts of China, you need to have downloaded apps with your face on it to be able to use that as a payment system. They they don't accept cash anymore. So they are the extreme end of where I think this could end up without that regulation. Do I think that 70 page documents are necessary? I think the one that I did recently was a and an outlier and it was done
00:18:19
Speaker
to the very top level because we needed to for that particular deployment. Do we need to cover off accountability? Yes. The benefit of that is not only internal, but external. So it benefits the data subjects, the people who are being captured by the systems, but it also benefits the company because they say, well, do we really need to do this? Can we do this in a less complicated lesson intrusive way and some brain take They don't realise that without going through that process. So that's why I think it's it's beneficial. Are there still problems with the technology? Yes. There are algorithmic biases, if you don't do things correctly. There are a number of studies, quite a lot of them done in the US actually, where facial recognition algorithms have exhibited bias, particularly towards and ethnic minority groups.
00:19:10
Speaker
ah People of colour, so it does still have its problems, but and they and they will and often do result in higher false positives. in targeting certain ethnic groups. It's not just ethnic groups. They often find it more difficult to deal with females instead of males for some reason and age. So the older or younger you are, it seems to pick you up more than than if you were in what I would call the the middle Goldilocks band of ages. sure so So yeah, it does. And obviously that would could potentially lead to discrimination if used incorrectly. But yeah there are ways to to mitigate that, to go it around it. So in the US, you've got the ah NIST, so the National Institute of Standards and Technology, they allow companies and organizations who want to produce facial recognition technology to test it against their standard and their standard will say you rank here within the 300 companies that we've done and here are some things that you can do to fix it and everything else so
00:20:09
Speaker
Yeah, it's about that really. And also using the correct data sets to train. I mean, it's not difficult to find a data set that is representative of the people that you are trying to deploy the system for, and you're going to come up with a better system. I mean, to me that seems obvious, but maybe not. And then that will almost in itself prevent those allegations of incorrect deployments, discrimination, surveillance states, big brother watching you, those sorts of things.
00:20:37
Speaker
You've referenced that some of the character traits that you think a good DPO needs are like thick skin and resilience. And that's because there are times when protecting data subjects or or consumers might come into tension with business goals or or objectives. I'm curious,
00:20:56
Speaker
how you've managed those sorts of conversations and how you sort of maintain the trust of the business stakeholders who you're working with, while also maybe advocating for a slightly different path or something that is slightly more protective of general consumers.
Balancing Protection and Business
00:21:16
Speaker
It's difficult. I'm not going to sit here and tell you that it's not, and I think there are a number of different strategies that you can use so you can try and appeal to their common sense which doesn't always work depending on what you're talking to. Also there's sometimes the the dollar or the pound for financial value of doing something is so significant that they are crowded by.
00:21:38
Speaker
that over and above whatever you are saying. So they've come in with a preconceived idea about whether it doesn't matter what Paul's going to say, because I already know that this is going to make me a million, two million, whatever it is. right so so So what I try to do is apply what I call the grandmother test. So it's that if your grandmother was subject to what you are trying to do,
00:22:01
Speaker
how would you feel about that? Because most people can think of their grandmothers or their their children, but the grandmothers ah tend to work more because they see them as frail, not very technology savvy, older people. I say, how would your grandmother feel about this? And how would you explain to her what you were trying to do and justify it? And and that's It doesn't always work, don't get me wrong, but it allows people, it personalizes the experience to them. It removes this whole, it's for Apple or Google or for whatever company you work for and makes it personal to you and makes you think about it in a personal way instead of a potentially financial way, for example. so
00:22:39
Speaker
That's one of the techniques that I've used successfully in the past. Others are just saying to them, well, tell me what what you want. Tell me what you're trying to achieve. And i'll I'll give you some alternatives. I'll give you some other options. Have you considered other options? And if at the end of it, we come out with the original idea still being the the best, fair be it. That's acceptable. And in my position, my job then is to just tell them the risks of doing it in a particular way.
00:23:05
Speaker
I like that. I like that test. you know i found You can't use this all the time, but another sort of nice test here and there is the New York Times test. How would you feel or how would our shareholders feel or how would our investors feel if they read about this on the front page of the New York Times or the Wall Street Journal?
00:23:24
Speaker
exactly but that's my That's my hardcore one. That's for the if the grandmother test doesn't work. How would you feel if you're tomorrow morning's headlines for for what you're doing? In a clear view kind of way. So that's how they ended up. yeah What do your shareholders think if if you were the next clear view and how would that affect you? And the answer is terribly. so yeah right um I mean, that's that's sort of working with business stakeholders. A lot of our listeners are our general counsels, members of their teams. I'm curious how you think a DPO can work most effectively with in-house legal and what you think that relationship looks like in ah in a sort of ideal setting. ah Collaborative, side by side, ah certainly not adversarial, that's for sure. I see us almost as
00:24:12
Speaker
a separate prong on the same weapon. So if you think of us as almost like a trident, you have us as DPOs, you have the legal team. And then the third prong really is the technology team. So the IT team, we are almost that tripartite approach where we say to people, you come to one of us, generally, you're going to have to deal with the other. So you may as well cover off all of the problems at the same time. I think there are often times when we need the legal teams because there are contract negotiations, there are liabilities that need negotiating. There are lots of things that don't get me wrong. Some of us can do as DPOs, but the real expertise is with the legal counsel. And so why make your life harder when you can go to them and they'll go, oh yeah, of course. I can do that in 15, 20 minutes in what might take me two hours. They can say, yeah, I'll do that for you. So it's a side-by-side thing.
00:25:07
Speaker
but actually it allows that risk management operational deployment all to be considered from both angles and actually there's a lot of crossover anyway so you may as well save yourself the hassle and and kind of come to this with ah a joint approach really.
00:25:23
Speaker
Okay. I've got to ask you about referring, uh, semi professional professional football, uh, which what we call soccer here in the U S although I feel like football was also picking up as a terminology just because premier league champions, like et cetera is so
Paul Collier's Refereeing Journey
00:25:38
Speaker
popular. How did you get into that?
00:25:40
Speaker
So I used to play, like most ah most kids, I used to play played from a very young age. And then it got to a stage that as I got older, the physical contact side of the sport was just becoming too demanding. So I would play on a Saturday and I would still be struggling on a Tuesday when I needed to then either play again or train because the physical contact was quite demanding on the body. So I wanted to stay involved in some way. And there are a number of avenues you can coach, you can become turn to management, whatever it is. okay Some say I was glutton for punishment and I just, I enjoyed being shagged to that. so So that's why I took up the referee inside of things. But yeah, ah absolutely. No regrets. I love it. And yet continue to love it up to this day. You seem to like high stress positions. I can't imagine it being... It's the adrenaline.
00:26:32
Speaker
yeah I can't imagine that being a referee at that sort of level is is easy in any capacity. right i mean You have the fans, you have the players who probably have strong opinions. yeah i mean how do you How do you manage that that sort of like stress in the moment? Is it just being very, very focused? What's that like? Focused, calm, confident, so confident but not arrogant. so Confident that you are making the right decisions, that you know what you're talking about, and that you
00:27:04
Speaker
have the authority to be able to convey that in a way that makes them think, oh, this guy knows what he's doing. So there's nothing there's no point shouting screaming at him. He knows what he's doing. So yeah, I mean, at that level, you you're the kind of the step up from it being a ah hobby. People are being paid to play. The spectators, the fans are paying quite a lot of money sometimes to come and watch.
00:27:26
Speaker
not you, but the the game itself. And my role is to facilitate the safe conclusion of that game for for everybody. And it's almost a similar thing that I do for for my my job. I'm there to facilitate the safe use of data ah right for for everyone involved. And that's exactly the same as referee. And I'm there to just facilitate the safe conclusion of the game and and the enjoyment as well, obviously.
00:27:50
Speaker
And so folks understand, you know, you can give us a little primer on how professional football works. Sort of what level are you refereeing at and where does, I don't know, like Manchester United or Arsenal or someone like that, Liverpool, where where do they play? So in in the English refereeing pyramid, that is a pyramid. So step one is top level. So you have Premier League, the the the three divisions below that so the championship and then leagues one and league two that's step one and then you go down to step two which is the national league so that's where rexson came up from a few seasons ago rexson were in the national league and two seasons ago and they've had successive promotions to get to where they are now
00:28:36
Speaker
And that's the level that I operate at. So I operate at the national level and the one below that, which is a regional one. So steps two and three where I operate, so on. Yeah, a few promotions away from from the Premier League yet, but yet still still high up in the league. And that that goes all the way down to step nine, I think it is now. Yeah.
00:28:56
Speaker
And do you have are you like are you hopeful that someday you might be able to to referee? i mean ah and Would that be a full-time job? Would you have to stop being a DPO? yeah Yes and no. so yes ah I'm always hopeful because you always want to make the the best version of yourself, so I'm always pushing and striving to be better and to to improve. so yes i would yeah If somebody said to me one day, you keep working hard and in three years you'll be at the top top level, of course. I mean, who wouldn't? that That's the idea of it. Would I be able to continue being a DPO? Certainly not, because the pi the time constraints are already pretty high anyway. ah But at that at that level, you're talking about traveling four or five hours each way to get to games. And yeah, it becomes problematic then, sadly.
00:29:42
Speaker
That's really, really cool. I've never had a a professional, semi-professional referee on the podcast before. I honestly doubt that I will again. I don't know it's beennna say you never know never say never never say never and maybe i'll get it i don't know and know if you can be an NFL referee and then in here in the US and then like, you know, have a day job. I'm not sure about that.
00:30:06
Speaker
I've got some fun questions for you now as as we start to wrap up.
Paul's Passion in Data Protection
00:30:11
Speaker
um My first one is what your favorite part of your day-to-day is? My favorite part? um i mean I enjoy all of it, obviously, but I think it's that realization when I meet especially new people for the first time. so We as an organization deal with a lot of external clients, so that's the benefit of the consultant role. and it's They come in into us with this panic look on their face of I don't know what to do, help. And it's that the ability to be able to metaphorically hold their hand through the process and say to them, look, everything's okay, don't panic, we're going to come out of this the other way. And also to educate them that no matter what they've heard before, because there are some horror stories out there about don't go to your data protection officer, all they do is block things, they stifle innovation and progress and everything else.
00:31:01
Speaker
It's about educating them that we're we're not there for that. We're there to help. We're there to assist them. you know Technology is evolving. You only have to look at what AI is doing now to say to them, we're here to make those really complicated and difficult things easier for you to understand. And and that's it really. So it's about that.
00:31:20
Speaker
Yeah. Helping. Yeah. Helping people interpret the complex world that we operate in and saying to them, everything's going to be okay. It sounds cheesy and corny, but but that's it. that's We're just there to tell people that everything will be okay. and just We're here to help. that The opposite. Do you have a professional pet peeve? People who think we're blockers.
00:31:41
Speaker
yeah think People who think we're we're there to prevent them from doing what they want with data, to prevent them from collecting information, that's just not us. Well, that certainly shouldn't be us as DPOs. we We should never be seen as that blocking force, as the computer says no type attitude. You should be there to engage, to educate, and to advise people on the most compliant way to do things that fits your operation need. That's it. It's as simple as that. So that that is a pet peeve of mine, particularly. I am a big reader, and I like to ask our guests if they have a book recommendation for our
Recommended Reads for DPOs
00:32:20
Speaker
audience. I mean, this could be something professionally related, but this could also just be something interesting that you've read recently.
00:32:27
Speaker
A few. I'm quite a big reader. I just am. My wife loves books. We've got a room that effectively looks like a library full of all all the books that she likes to So books I've read recently, I've read the permanent record, so the Snowden book about the Snowden leaks and the WikiLeaks eye opening. I think that is for people who maybe have heard it on the grapevine that haven't really understood exactly what went on. that's That was a useful book. I like the Jack Reacher books. So The Lead Child. So i've I've read one of those recently. And then the most recent one is a book called When the Dust Settles. So it's a book about disasters and the aftermath, I suppose, what happens after the disasters. So 9-11, the bombings that we had over in the UK.
00:33:17
Speaker
And I mean, ah the reason I like that is because it's about my world, really. So I've got a degree in forensics. And so that kind of thing just, yeah, I find that interesting. So that's one of the things I like to read up on. Very interesting suggestions. My last question for you, Paul, is if you can look back on your days getting started as a DPO early on, something that you know now that you wish that you'd known back then.
Advice for New DPOs
00:33:48
Speaker
I think it applies in everything really is to just slow down. There's no need to rush. Back in my early days, I felt that there was some huge time pressure on me that meant that I needed to rush through everything at the, you know, breakneck speed, really. And you often have
00:34:04
Speaker
but so much more time than you realize. think And rushing just makes mistakes and it makes you panic, it makes other people panic. So I think if I'd be able to tell me from 10 years ago, it would be just calm down, relax, yeah take a deep breath.
00:34:20
Speaker
everything will be fine. You just need to be comfortable and confident and not rush. but That's the one thing I wish I'd known that there is much more time than you you ever think you've got to do these things. Great advice and something that I should probably apply today, this very day.
00:34:40
Speaker
Paul, thank you so much for joining me for this episode of The Abstract. My pleasure. I absolutely appreciate you inviting me on. And to our audience, thank you so much for tuning in and we hope to see you next time.