If you use personal data in your work you are legally obliged to register during January and February each year.
NEW REGISTRATION? View guidance and create new registration here.
EXISTING REGISTRATION? Sign-in to Registrations Portal here.
Introduction
Project Bijou is the ODPA’s social initiative to share stories and experiences to help drive cultural change regarding good data protection practices.
In this conversation Cambridge Education Group DPO and privacy training speaker Kathryn Brooks recounts her journey as a data protection advocate.
Like many working in data protection, it wasn’t a field Kathryn meant to end up in and in the early days, she and her colleagues feared that new laws could ‘sink businesses’ and ‘stop innovation’.
But determined to see how she could work with new legislation, Kathryn embarked on a path of discovery and learning, both as an individual and as a company. She discovered a passion for privacy and the promise of privacy rights towards modernising businesses and empowering individuals with freedom, knowledge and choice over their data.
“We’ve gone on a big journey to try and change mindsets and approach to data protection and not be seen as innovation stoppers or progress blockers or gatekeepers or the DPO will just say no,” explained Kathryn.
“We want to be seen as a strategic partner, as an ally, as being able to understand a challenge or problem and being able to present a solution.”
Facing a common problem of DPOs working for large organisations, Kathryn realised she couldn’t be everywhere at all times, so she and her colleague came up with an effective strategy to try to plug the ‘privacy’ gap.
“We appreciate we can’t be in every conversation, in every meeting across the board so we recruited a network of volunteers called our privacy champions, that was something we introduced just over a year ago and that’s people from every team, every department who have a passion for process, who are interested in the principles of data protection and who are at those meetings and able to put privacy matters on the agenda.”
Key point
Data Protection Officers are not there to stop projects or get in the way, they are there to make sure it can be done within the boundaries of the law.
The Bailiwick of Guernsey's independent supervisory authority which regulates data protection legislation. The ODPA protects people by driving responsible use of personal information through helping organisations get it right, deterring harmful information handling, and taking enforcement action against significant non-compliance
Receive regular information and statistics related to our activities and governance
Sign up nowReceive regular information and statistics related to our activities and governance
Sign up nowThe Office of the Data Protection Authority
+44 (0)1481 742074 info@odpa.gg
Block A, Lefebvre Court, Lefebvre Street, St Peter Port, GY1 2JP
Newsletters sign-up Data Processing Notice Careers Cookies
Website by
&
Indulge
© 2025 The Office of the Data Protection Authority.