Kristin Pagnia, in-house lawyer and internal data protection officer at atriga
What are the advantages of an internal data protection officer?
Kristin Pagnia: The change from an external to an internal data protection officer offers the opportunity to be closer to the company, the employees and the issues. For example, I can organise data protection training courses in a completely different way if they are designed precisely to meet the requirements of the individual departments and if I combine collection expertise with the requirements of European data protection. As an internal data protection officer, you also have the task of advising and training. It is a great challenge to anchor data protection in the company in such a way that it is recognised as a matter of course by every superior and employee and is seen as an opportunity.
What is the reason for choosing an internal DPO?
Every company is free to choose whether to have an internal or external DPO. We decided to switch to an internal solution because atriga continues to grow strongly. The tasks that arise in the area of data protection are too extensive to outsource them. An internal DPO is on site and can be integrated into the processes in a completely different way than an external DPO who also works for other companies.
What are the particular data protection challenges of the debt collection industry?
The debt collection industry receives thousands of data records every day. It is responsible for the personal data of debtors and clients. This is data that must be handled very sensitively and where there must be no data mishaps. In addition, the debt collection industry often works together with credit agencies, for example to credit debtors. Compliance with the GDPR is essential in this area as well. And the principle of data economy always applies everywhere: extract the maximum amount of information from a minimum amount of data, while complying with the extensive information obligations towards all persons involved.
In the next atriga newsletter on 30 August 2021, you can read, among other things, how clients can tell how their debt collection partner is positioned in terms of data protection.