The functions of a Data Protection Officer (DPO) under the emerging Personal Data Protection Act (PDPA), includes the DPO being the single point contact for grievance redressal between the Data Principal and the Data Fiduciary.
In discharging this function, the DPO can chose to be like a post office receiving the grievance and passing it onto some body else in the orgnization for resolution. In that case he does not need to even understand what is the grievance and still call himself the “Contact Person”.
But the intention of PDPA is that the DPO is responsible for ensuring that the rights of the Data Principals is adequately met by the data fiduciary and if in any specific instance the data principal is not satisfied, he can contact the DPO for resolution. If the resolution is not satisfactory, the data principal can take the complaint to the DPA and seek adjudication.
It is the responsibility of the DPO therefore to try and understand the grievance and if possible try to provide a satisfactory resolution at his level itself so that the matter does not have to be escalated to the DPA.
In order to resolve such issues the DPO should be able to come down from his pedestal of a highly paid employee of an IT Company working in the AC cabin and moving around in a chauffeur driven car, and try to appreciate why a data principal is raising a query that he is wronged. It is quite possible that the data principal may be wrong. But the DPO still is responsible to ensure that the data principal is satisfied with whatever resolution he gets.
When the data principal is correct in his complaint, it may be easy to resolve since conflicts if any would be with other internal members all of whom are part of the super ordinate goal of compliance to PDPA. But when the customer is wrong but is adamant that his right has been infringed, the situation is more challenging.
It is not always easy to deal with people who are wrong but donot know that they are wrong. It often happens when we deal with children who are adamant. A good parent always understands that the Child does not know as much as he/she and hence tries to come down to the level of the child to understand and resolve the issue in a manner in which the child understands. In such cases, we put ourselves in the shoes of the child and try to understand why he/she is adamant. This requires the parent to give up his ego and deal with the child as an equal, gain confidence and then slowly make him/her realise that the parent is providing some thing better than what he himself wanted.
This art of grievance redressal is often critical to any mediation. The ability to step into the shoes of another and understand his concerns and his views is “Empathy” ,a human skill that is relevant for a good DPO.
Emotion researchers define empathy as the ability to sense other people’s emotions, coupled with the ability to imagine what someone else might be thinking or feeling.
Two major kinds of empathy are often recognized namely the “Affective Empathy” and “Cognitive Empathy”.
“Affective empathy” refers to the sensations and feelings we get in response to others’ emotions; this can include mirroring what that person is feeling. This could be a dysfunctional response where one can feel stressed if the other is stressed.
“Cognitive empathy,” on the other hand is sometimes called “perspective taking,” and refers to our ability to identify and understand other people’s emotions. This is a positive characteristic of a good leader.
The DPO to be successful has to develop the Cognitive Empathy skills and avoid the affective empathy traits. When a complainant comes to you with a problem, being compassionate is one thing but getting lost in re-living the complainant’s distressed state is another and often, a problem.
An example which most of us might have seen is when a child is in some kind of a distress and the father and mother are both responding to the situation. The mother being compassionate to the suffering of the child starts crying and sobbing and the father contains his own feelings but immediately moves to do what is immediately necessary, such as picking up the child, rushing him to the hospital etc.
In a work situation also, HR managers often find themselves in such situations where they have to be sympathetic and show empathy with the people when they have some problems, but the solution may not be also become miserable themselves.
The “Counsellors” are often trained to react correctly in such situations where they are empathatic but not to the extent of reducing themselves to be mirroring the problems of others.
Understanding the principle of “Empathy” is relevant to appreciate the very definition of “Privacy Protection” itself since “Privacy” is a “State of mind” of another person and when we are trying to protect the Privacy, we are trying to give a feeling of assurance to the data subject that he feels that his privacy has been under his control only.
This principle of “Empathy”, how it differs from “Sympathy” and the benefits of “Cognitive Empathy” are behavioural skills that an effective DPO must posses.
(Comments are welcome)