Interview with Laura Zerwas
Today we are talking to Laura Zerwas, the data protection officer of the cmc group with headquarters in Frankenthal.
For about a year, she has been advising the companies of the cmc group on data protection and DSGVO, including Equitania Software GmbH.
Hello Laura, why don't you tell us a little about yourself and your career within the cmc group and what your responsibilities are within the company.
I started in 2011 in the form of a six-month internship at the cmc Group in Frankenthal, followed by a 2-year apprenticeship as an industrial clerk. In 2013 I started my dual studies (business administration) in Mannheim, so I could continue working for the cmc group. After my studies (2016) I took over the marketing department.
Since 2018 I am also data protection officer of the cmc group.
How did you find your new role as data protection officer?
In my work in marketing, I already had many references to data protection before. Especially in the advertising sector it is important to differentiate how, for example, e-mail addresses of customers or interested parties may be used for advertising purposes.
When then, before the new EU data protection basic regulation came into force, the cmc group discussed the subject of data protection more intensively, I was present at the meetings and informed myself more intensively. One thing led to another and at some point I was asked by the management whether I would like to take over this area.
What training measures were included in the training for data protection officers?
A data protection officer must have the necessary expertise on data protection. There are dozens of further training opportunities. I have completed a 5-day basic data protection seminar "Training as data protection officer" at KEDUA GmbH.
After passing a subsequent DEKRA examination, I received my certificate as "data protection specialist".
However, the training does not end after the examination, a lasting interest in the subject of data protection is required. In order to obtain the DEKRA certificate, proof of further training measures must also be provided every 3 years.
Where do you see the greatest challenges for the DGSVO?
The DSGVO is very complex and in many areas very general. In the beginning, or even today, I often see how many misunderstandings there are in some companies.
The biggest challenge, I believe, is to examine all processes in the company with the necessary care and attention without unnecessarily complicating processes. It is also important to increase the sensitivity for data protection among all those involved.
What tips do you have for us or other companies regarding privacy?
Don't be afraid... actually everything is very logical and seems a bit complicated only at first. If you don't have anybody who knows about the topic or is willing to learn more about it, you should definitely call in an external consultant. In this way, unnecessary work can be avoided.
And don't believe everything you read on the Internet, better ask a "professional" once again or just stick to reputable sources, such as the websites of the respective state commissioners for data protection.