Now that it by and large seems to be that GDPR hypestuff is mostly pushed into the legal corner, … let it stay there. Let the others do their job, and reap all the benefits. I.e., via the avenue (required budget-wise; wildlands qua budgets received) of data discovery [Uchg ugly word I meant inventory] / data minimalisation/cleansing / data security [the old way, like information security, not the #ditchcyber fail] towards magnificent efficiencies in IT ops, and much clearer, exponentially better profile’able data even if Big.
Hey, the DPO was so self-inflatedly Important, right? Let him (sic) handle all the fan mail then… Let him panick-crash during every high-pressure breach BCM handling.
And then a. get fired, b. get sued, c. get replaced by yet another legal scholar turned business savvy (quod non) ‘executive’ [who executes who?].
But … in the mean time, someone would have to discharge the DPO. Not from internal audit because they’re part of the problem organisation.
OK, let’s have that done by an external auditor, then. A specialist, hopefully.
Hereby my claim to that specialty. Will develop fully-compliant methodology, will travel (charging expense…).
And:
[As an external auditor specialist, I love to have this sort of view; NY]