I've spent the last 2 days listening to experts on GDPR in the Life Science industry. There are about 120 working days until this regulation comes into place and still a lot to do and decisions to make: who is going to be your DPO (data protection officer)? Do they want to be your DPO? Should you have an employee or an outside agency acting as your DPO? With the key follow-up: "Is there a course which will teach me how to be a DPO in the Pharma industry?" One interesting takeaway was that in a number of cases the authorities are looking for the users to come up with the solutions; they don't know what the answer is, but they know it's out there.
Happily, I think the answer is out there too, and the more these experts spoke, the more confident I am they have it.
A data protection officer (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements. Ideally, a DPO should have excellent management skills and the ability to interface easily with internal staff at all levels as well as outside authorities. The right DPO must be able to ensure internal compliance and alert the authorities of non-compliance while understanding that the company may be subjected to hefty fines for non-compliance.