AI Changing DPOs' Role, Former Labour Party Officer Says

DPOs who understand tech could have an AI role at a company, Robson said. Serving as an AI governance officer with a data protection manager working under you could future-proof employment, he argued.

DPOs need to be efficient and want AI to help them, so organizations must focus on training staff, enforcing policies and establishing a corporate culture for using AI, said Robson. The minute you put personal data into unstructured AI, you lose that data and risk breaches, he added.

Robson likened a successful DPO program to flying an airplane: There must first be an automated platform to manage administrative tasks such as responding to data subject access requests, akin to putting together the infrastructure that propels a plane into flight. Then the system must be tested for potential problems. Finally, people in the organization must come to the DPO to ensure they're doing the right thing with personal data.

Whether it's better for a DPO to be an internal full-time or part-time employee or an external consultant depends on the level of risk involved in an organization's use of personal data, Robson said: The larger an organization is, the more contact with a DPO is needed, so an in-house employee is better.

As a DPO, Robson said, he was "fastidious" about what his actual job was. It's important that organizations have DPO job descriptions, but what's more critical is that if a work item isn't about personal data or protecting people's privacy, it's not a DPO's job, he said.

Robson also noted that DPOs face problems securing budgets and resources, because if a DPO's work is effective, it's likely no one in the organization understands it, and therefore no one thinks there are any privacy problems or sees a need for funding. There's likely "no return on investment" unless the organization experiences a data protection issue and realizes what DPOs contribute.