The data guardian
Klaus Alpmann has been Corporate Data Protection Officer
at
MAN ES since 1 July. We spoke to the lawyer about his
initial
measures, tasks and objectives.
MAN People: You are MAN Energy Solutions’ first Corporate Data Protection
Officer. Why was this position created and what is the task facing you?
Klaus Alpmann: The company created the position of
Corporate Data Protection Officer in connection with the GDPR, which came into
force throughout Europe on 25 May. In this capacity, I am
responsible for safeguarding personal data throughout the group. The first task
facing my team and myself is to coordinate the necessary data protection
measures globally. With more than 100 international sites and around 14,000 employees, it is an enormous project.
What does the GDPR mean for the employees?
The GDPR entails new rights and obligations for the
employees. This includes the right to obtain information at any time on the
personal data that the company holds on them and what happens to that data. On
the other hand, the employees are under an obligation to audit IT-based work
processes of relevance to data protection in accordance with data protection
criteria when introducing them. In order to make things as simple as possible
for the employees, we are currently developing a data protection management
tool.
What precisely is the data protection management tool?
It is software that will help employees deal with data
protection issues quickly and easily. The new tool contains an online form that
asks which parties to the process do what with which data, and which IT systems
they use for what purpose and on what legal basis. Once employees have answered
the questions in full, the processing phase of the procedure begins.
Can you give us an example of a process of relevance to
data protection?
A typical example from HR is the introduction of a new
applicant management system that provides for online applications via a cloud
solution. As both internal and external applicants, as well as MAN ES
employees, can access the platform, the initiator of the applicant tool has to
clarify whether the tool is GDPR-compliant in advance. The new data protection
management tool will help with this.
What are the obstacles to be overcome?
The biggest challenge is the initial effort involved.
The data protection regulations vary widely between regions and we have to take
the differences into account in the new tool. Speed is also of the essence. The
first audits are just around the corner and audit readiness takes top priority.
Ultimately, we need to get employees worldwide on board with the new tool and
convince them of the need to use it.
How will you support the employees when the new tool is
introduced?
In parallel with the development of the data protection
management tool, we are producing specially tailored training materials that
are brief and to the point. The tool itself offers comprehensive assistance. If
employees have further questions, my team and I will be happy to provide help
and advice.
Klaus Alpmann, thank you for your time!