Are you one of those people who care deeply about privacy and data protection? 🤩
Guess what, nobody else does.*
Do you struggle to convey your message, constantly hearing that GDPR is so boring, with people cancelling your meetings, not responding or showing up at all? Worse still, do you often learn (randomly) about new high-risk activities AFTER they've been introduced..?
Is the GDPR (and you, the Boring DPO), seen only as, and I quote:
an obstacle/problematic for the organisation
That's what 49% (!) of 805 respondents in the 🇸🇪 DPA's DPO survey thinks, at least. But it doesn't have to be like this. Acting as an External DPO for years, I know.
And in this newsletter, I share my experiences of how we can work effectively (no, not 'productively' or 'efficiently'), including gaining traction with colleagues and management, and make the GDPR more fun (for everyone)!
* You might not get people to care as deeply as we do, but at the very least, it won't be excruciatingly boring.
For a preview, check out this article, originally shared through a CDPO newsletter.
Why is the GDPR so excruciatingly boring?
And why is it so much of it... (at least for DPOs).
CJEU rulings, EDPB (and WP29) guidelines, Art. 65 decisions, not to mention ePrivacy, AI, cybersecurity, marketing... the list goes on.
This post shows you just some of what happened in 2023 alone, including 32 CJEU rulings! 🤯
Which is why I made the DPO Hub (not just for DPOs), and curated GDPR news for years on LinkedIn, as you can see below.
The pressure to be an expert has never been greater, especially for DPOs.
🧯 With the fire-hose of constant regulatory changes, GDPR practitioners are overwhelmed and it often feels impossible to keep up.
After sharing actively on LinkedIn for the past years, my peers tell me that they appreciate my curated content of both big news and interesting tidbits from across the EEA.
I deep-dive into CJEU rulings, the EDPB's work (sometimes holding them accountable for subpar work), DPA decisions (discussing these with folks from the DPAs on our Grumpy GDPR podcast) and national court rulings (like this goldmine for 🇸🇪 DPOs), including having translated 75 cases for the GDPRhub (which has 3185 decisions, counting) on a volunteer basis since 2020, and I regularly revisit WP29 documents.
I not only focus on breaking news, like when the 🇸🇪 DPA ordered controllers to stop using Google Analytics or the 🇮🇹 one banned ChatGPT, but key takeaways and practical recommendations.
And I get really grumpy when people first offer something for free to our community, then start promoting their services...
Combined with my practical, hands-on experience having worked directly with close to 100 organisations on all aspects of the GDPR, including managing large implementation projects for higher education institutions - I'm confident I have valuable experiences to share with you.
And here I share how I went from GDPR n00b to award nominee in 6 years.
For years I've shared these experiences with our community. Some insights, though, don't always fit open platforms - like some tidbits from the Grumpy GDPR podcast recordings. 😆
Hence - Rie's DPO Letters was created! Join me today:
PS: Years of leading complex, cross-country projects have been invaluable in my GDPR work. I couldn’t have managed this one-woman show without solid structures, templates, swipe files, and processes. I’ll also share some of these experiences.