Stefan Heynes - Taking care of the information we are entrusted with
Wednesday 27 January 2021
On this 28th of January, World Data Protection Day, we felt it was important to highlight this important aspect of Caritas Luxembourg. The information entrusted to us is sensitive. Protecting it as well as possible ... a duty! Interview with Stefan Heynes, Data Protection Officer (DPO) for the Caritas Luxembourg Foundation and for the non-profit organisation Caritas Accueil & Solidarité.
WHAT DOES CARITAS LUXEMBOURG DO IN TERMS OF PERSONAL DATA PROTECTION?
We have taken all possible measures to comply with the European Data Protection Regulation (GRPD). We are trying to consolidate our processes as we go along and adapt them to new external and internal developments, while remaining pragmatic so as not to make the processes too complex. The "data protection" aspect is systematically taken into account in each new project we undertake, whether it is social, IT or other. We also regularly carry out audits with external consultants. An audit was carried out in the autumn of 2020. Some improvements were proposed by the consultant. These have since been implemented. In addition, we are continuously supported in our approach by a professional in the field.
IS THE PROTECTION OF PERSONAL DATA PARTICULARLY IMPORTANT FOR AN ASSOCIATION SUCH AS CARITAS LUXEMBOURG?
Yes, it is very important. We work with very vulnerable people who entrust us with their entire lives, often also very intimate things, in the hope of being able to be helped. It is therefore important for us, who hold this sensitive information, to take good care of it.
Moreover, as a social service we have an extra safety valve. Indeed, all our social workers when they chose their profession as educators, social workers, and our psychologists have committed themselves to following a certain professional ethic and to respecting the confidentiality of the information entrusted to them. This professional secrecy is much older than the RGPD.
At the same time, it is important to inform the people we accompany, but also our donors and other stakeholders, about what we do with the information we have about them and their rights. To this end, we organise training for staff, so that they can best explain to people and answer any questions they may have. We have also produced a leaflet, which can be downloaded from our website.
WHAT QUALITIES DO YOU THINK A DATA PROTECTION OFFICER (DPO) SHOULD HAVE?
For me, the DPO must be very structured and rigorous in his or her work and know how to mobilise all the other professions in the company concerned with data protection because data protection is everyone's business, at least at Caritas Luxembourg.
WHAT DO YOU PARTICULARLY LIKE ABOUT YOUR JOB AS DPO?
The fact that this mission fits in very well with my other mission as Quality Manager of Caritas Luxembourg. This gives me an overview of all the processes at Caritas Luxembourg and enables me to be as efficient as possible. Finally, I like working with a lot of people and as DPO you only succeed if you work as a team.