alex.sqldba - Friday, September 22, 2017 5:28 AM
I'm not saying do/don't listen to your DPO, but if that's their opinion for your business then they must have a reason why.
It helps that our DPO here used to be our Senior DBA, so he understands SQL Server and the abilities. Other DPOs may come from a very different background. It's always worth discussing the options with them and understanding what the needs are for the client/regulation. There are often many answers/routes to a single goal, but not everyone will be aware of them; discussing those routes gives everyone a better view and puts all your cards on the table.
Of course, if the DPO is leaving, then they aren't going to be able to oversee the implementation. Thus, you might be better waiting for your new DPO, who can properly document your processes as you implement them; or you could start the discussions again, letting him know that a solution isn't in place yet, but here is what you can do, and his input would be appreciated.
I can't stress enough that the documentation is really important here. That's effectively your proof. If you have a process in place, but no documentation, it could be very hard to prove; thus you might still be liable for fines/reprimands/etc. even if your system is as robust and secure as Fort Knox.
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk