Many organisations nowadays are unsure whether they require a DPO or not. Some do not know if data protection even applies to them. Today we shed some light on this using an example that is timely and hopefully somewhat entertaining. Achieving compliance with modern business requirements can be very tricky. Just ask ace detective Patrick Carolan, who has been investigating a well-known figure to answer an important question…

NB: ‘Corral’ here means to gather together!

Does Santa need a Data Protection Officer?

Patrick’s findings are crystal clear: “Given that Santa comes from the North Pole and is therefore not based in one of the EU Member States, he needs to have an ‘EU Representative’. This is spelled out in Article 27 of the GDPR and defined particularly well by the Information Commissioner’s Office (ICO). This person needs to act as a contact point for all data protection-related questions from EU citizens, and also functions as the contact to the supervisory authorities.”

When pressed further, Patrick revealed his shock at Santa’s lack of cyber awareness. “What really surprised us in our investigations into Santa’s operations was that he’d mistakenly believed that data protection didn’t apply to him. He had been labouring under this misapprehension because he operated from the North Pole. But he was monitoring the behaviour of children all over the world. Data protection clearly applies in these circumstances and he should have known better.”

Going deeper, Patrick went on to bemoan Santa’s entire business operation. “Furthermore, we also found that Santa’s workshop was not in a compliant state pertaining to cyber security. This was due to his outdated practices and things have to change. Santa needs to remember that even he must adhere to the data protection principles and cyber security assurance.”

Achieve compliance with CRIBB Cyber Security

There you have it, absolutely zero prisoners taken here by Patrick Carolan from CRIBB. Compliance with modern business requirements is not easy to achieve but it all starts with being cyber aware. Having an understanding of the GDPR, DPA 2018 and indeed of all data protection regulations is a great place to start. However, that takes a lot of time and patience. There is a reason that people like Patrick exist. There is a reason that companies like CRIBB exist. We go through cyber security rules and regulations with a fine toothcomb so that you don’t have to.

You can contact us to find out more or leave questions in the comments section below. Either way, we’ll be sure to get back to you with answers, advice and guidance. Of course, the final word here should go to Patrick:

“Don’t be audited and found to be non-compliant with today’s business requirements like Santa has. Reach out to our specialists at CRIBB Cyber Security.”