Keep it secret, keep it safe

Often when I think of my role as a Data Protection Leader (DPL), I go back to Gandalf the Grey’s famous advice in J.R.R. Tolkien’s The Lord of the Rings – “Keep it secret, keep it safe.”
In executing the duties of a DPL, maintaining trust (keeping it secret) and safeguarding the integrity (keeping it safe) of the personal data held by each agency is critical. However, in a digital age where secrets are hard to keep, security is constantly under attack and the governance framework is evolving, being a guardian of the right to privacy is no small task.
DPLs must be vigilant, adaptable, and proactive to stay ahead of potential risks. We need to be agile and responsive to changes to ensure our practices align with the latest standards and legal requirements.
Wearing many hats is a DPL’s superpower. Wearing the policy-writer hat, we contribute to the development of guidance and standards for handling personal data. As business process analysts, we assist with identifying vulnerabilities in our operations, allowing us to fortify our security. We also get to perform technology assessments to ensure that the tools we use are secure and comply with legislation, policies, and regulations.
But wait, there’s more! DPLs also contribute to records management within the agency and conduct training. Educating our team about the importance of data protection, the latest threats, and best practices is essential to creating a culture of awareness and responsibility. Being a DPL is nothing if not dynamic.
Contrary to popular belief, DPLs are not data protection hermits. We work with IT teams, legal professionals, and external partners. Collaboration ensures all parties are aligned and aware of their commitment to safeguarding personal data.
Finally, the one part of a DPL’s job that we hope never happens, but sometimes does, is responding to personal data breaches. As there are statutory timelines associated with responding to personal data breaches, we must always be prepared. This involves having a well-defined incident response plan in place, which includes protocols for assessing and mitigating breaches, as well as communicating transparently with the public and relevant authorities when necessary.
Want to learn more? Ensure you have completed the CIG’s Introduction to Data Protection course and set up a time to chat with your own Data Protection Leader.
This month’s Civil Service College Learning Corner is focused on Data Protection in collaboration with the Information Rights Unit.