In our sit-down interview with Ms Bea Mamon, the Data Protection Officer (DPO) and Special Assistant to the Office of the President at Enchanted Kingdom, the Philippines’ first and only world-class theme park, Ms Mamon shares with us her considerations for taking up a DPO certification program and how she has benefited from the course in her daily course of work.
Ms Mamon has been working with Enchanted Kingdom for 10 years, and has previous experience in the IT and BPO industries. She supports her company in complying with the Data Privacy Act (DPA) for their customers. Enchanted Kingdom is celebrating its 23rd anniversary in 2018, and continues to provide its guests with magical experiences. It is a member of the International Association of Amusement Parks and Attractions (IAAPA) and has alliances with people from around the world.
How I Found Myself in Data Protection
Aside from being appointed as the Data Protection Officer, I am also currently the Special Assistant to the Office of the President at Enchanted Kingdom (EK), which is the Philippines’ first and only world-class theme park. EK is celebrating its 24th year in 2019 and continues to provide its guests with magical experiences. It is a member of the International Association of Amusement Parks and Attractions (IAAPA) and has alliances with people from around the world.
I have been working with EK for 11 years, but prior to that I also had some work experience in the IT and BPO industry, which has contributed so much to where I am right now, especially with this new role given to me. In an environment and world of providing magical experiences, it is truly a challenge and a blessing to be assigned as DPO. I take it one day at a time to do my best to lead the company in complying with the Data Privacy Act, for the good of the guests we are serving both internally and externally.
Pain Points and Initial Challenges
When I first heard about the DPA Law, I did not think much about it because, at that time, I wasn’t directly involved yet. When I learned more about it, I even actually said that it’s about time that there be a law on privacy, especially since everyone is already complacent about their data/information.
In relation to my current role though, aside from the fear of going to jail and being penalised, there is also the fear of not being able to be an effective DPO. The main challenge, of course, is to be able to implement and put in place the Privacy Processes and Systems in the organisation in order to protect the personal information collected from risks and threats. There are still days when I don’t know how or where to begin.
It is also a challenge to create awareness to the employees; some were indifferent about it and some really wouldn’t cooperate because they thought that these measures were a waste of their time. But it has to be done and someone has to do it, so here I am.
In the beginning, we did some research and asked existing DPOs if a certification or training program was required in order for someone to be assigned or appointed as a DPO. Some of them said it wasn’t required and that they just attended the seminars given by NPC and other solution providers. We really thought hard about it and, with much prodding from management, realised that this program would make me knowledgeable and credible in fulfilling my role as EK’s DPO.
Taking the program would give me the confidence and support that I need to be able to be an effective DPO. It was also the first time for me to have a Certification from TÜV Rheinland so I was actually excited about it. Firstly, TÜV Rheinland is a global brand very famous for its system certification and training programs, so any training and certification offered by this institution is very reliable. Secondly, having learned that the facilitator/trainer was Mr. Dondi Mapa, who is known in the IT industry and was the first ever DPO of the NPC, I knew that the course and program would be carried out effectively. The organization (EK) looked and searched for other institutions offering the DPO certification but only TÜV Rheinland came out to be the most credible and cost-efficient.
Since it was my first time undergoing training under TÜV Rheinland, it was also my first time being exposed to ISO Manuals. It was overwhelming indeed, but helpful nevertheless. So far the contents of the manuals supported what we learned from the materials of the NPC.
Getting started with TÜV Rheinland wasn’t that hard; getting deeper into the course and program that made me realise and see the bigger picture of being assigned as a DPO. It gave me a clearer picture of what I was about to face. Even if I’m still overwhelmed and fearful of not being a great or successful DPO, the program taught me a lot about what I needed to do first, how I should do it, and when I needed to do it.
Being with a class too made me realise that I am not the only one experiencing the same fears and challenges – most of my classmates were also surprised with the role given to them, similar to what I was experiencing too. As soon as the results of the program came out, I was happy to have passed, even though I really didn’t expect it. Having only 5 days to absorb everything was not an easy responsibility but I am glad I was able to do it.
Compared to the other training programs, this certification is actually valid for 3 years and is accepted globally especially in Europe. So that in itself is a big thing. Taking this program was well worth it.
The most positive experience for me is being able to meet and exchange ideas with other co-DPOs from different industries and from different years of being in the industry. Regardless of background, we were all on the same page during the classes. I learned a lot from them – lessons which I will carry that with me every day of my life.
Recommendations for Prospective Students
Before taking this program, I only had some background on the DPO role and DPA law through orientation and basic lectures. Now, I have an idea on how to implement and be compliant, the step by step procedure, the consequences of non-compliance and so on. It is not enough to be knowledgeable about your task or what you are assigned to do, you also need to know how to apply your knowledge to the job.
I would definitely recommend the DPO (TÜV) PersCert Program because the program was very thorough and in-depth. It is also an advantage to be able to attend training under TÜV Rheinland, a brand that is known globally.
This course is such a huge help in supporting and enabling a person to fulfil his/her roles as a DPO. TÜV Rheinland knows what it is doing, it is knowledgeable in terms of standards, policies and procedures and it also has the best speakers/lecturers around. When you are hungry for knowledge and want to be an expert in your field, before acquiring other training providers, one should always look to TÜV Rheinland because it will all be worth it.
Keen on attending our DPO (TÜV) PersCert Program yourself? Speak to our Academy experts on this and other courses available for you to get certified by TÜV Rheinland:
For more information, speak with our experts: