Back to the list

IMPACT 80/20 is one of the first advertising agencies in Estonia with an in-house DPO

The new General Data Protection Regulation (GDPR) that entered into force at the end of May 2018 requires all organisations and enterprises engaged in large-scale processing of personal data to have data protection officer (DPO). It can be either an in-house employee of the company or a consultant hired for specific projects. IMPACT 80/20 is one of the rare advertising agencies in Estonia that has a trained in-house DPO in its team.

According to Paul Aguraiuja, CEO and Creative Lead of IMPACT 80/20, having a dedicated data protection officer on the payroll is beneficial primarily for clients of the company. “As all online operations involve processing of personal data, it is good to have our own DPO available at all times. Having an in-house DPO means that we can provide our clients with prompt advice, guidance and assistance whenever needed,” Aguraiuja explained, adding that a DPO is almost like an extra layer of security. “It helps us prevent potential problems and be efficient in managing the problems that might still occur.”

Aguraiuja continued: “Our in-house DPO ensures that our service conforms to the Regulation, enabling us to maximise the quality of the service provided to our clients. By the way, the number of specialists that have completed respective training is still relatively small in Estonia.”

IMPACT 80/20’s DPO, Karolin Kondrat, explains that an in-house DPO operates as a contact point for data subjects, or the persons whose personal data are being processed, if they have any questions. “The role of a DPO is not limited to communication with clients and partners and reviewing the company’s personal data procedures, but a DPO is also responsible for providing in-house advice to other staff members and the management team,” emphasised Kondrat who completed in the spring an expert level training for data protection officers at the Tallinn University of Technology.

“While the GDPR is now in force, laws and regulations tend to change over time. Keeping track of such developments is one of the responsibilities of a DPO. In addition, a DPO should make sure that all legal requirements are also met in reality,” Kondrat said and continued: “Having a privacy policy is important but it is merely one side of the coin. Privacy policy only informs website visitors about data collection. However, in reality, we also need to protect and process the data of the employees of our company,” Kondrat emphasised.

If you need to get your company’s marketing compliant with GDPR, contact us! We can help!

data protection officer

PS. The author of blog post is Karolin Kondrat.