Jaime Gallego has been Deutsche Plasser’s Data Protection Officer since the beginning of this year. We talked to him about his duties in this job and what part data protection plays at Deutsche Plasser.
Thank you for taking the time to talk to us. You have been working in the Quality Management department at Deutsche Plasser since 2017. Can you tell us a bit about your professional training and employment history?
I qualified as a systems engineer, dealing with programming and hardware, amongst other things. After that, I worked at a banknote printing company for several years; my last job there was quality inspector in the chip card manufacturing department.
I then undertook further training to qualify as a QM officer and internal auditor. In 2017, I joined the Quality Management department at Deutsche Plasser, where I am now also the Data Protection Officer.
What attracted you to Deutsche Plasser in particular?
For many years I have enjoyed travelling by railway, especially on the ICE. Thanks to this train, speeds of 300 km/h have become quite normal. Hardly anybody asks themselves why a train can travel at those speeds. This interaction of technology, the rails, the track and the rail vehicles has always fascinated me; especially the effort it takes to set up and maintain the framework conditions that make such high speeds possible. When the opportunity came up to become part of the “railway system” and to contribute personally to ensuring this quality, I did not hesitate and applied - successfully - for a job at Deutsche Plasser.
I also consider the railway to be the most environmentally friendly means of transport and am pleased that I can contribute to a sustainable use of our resources.
Nice to hear that it has worked out so well for you. What do you consider to be your strengths?
I am a good communicator and have good people skills. In addition, I am always interested in new things and am flexible. For me, cooperative relationships are very important, both within the company and with external business partners. That way we can ensure together that our customers receive excellent services.
You work in the Quality Management & Compliance department. What tasks does your job involve?
I am responsible for quality management and quality assurance in Munich. I carry out internal audits and prepare external audits for certification. This is, for example, the ISO 9001:2015 certification or the supplier approval for Deutsche Bahn. I also accompany the external auditors during their respective audits.
Together with our other departments, I develop Deutsche Plasser’s process landscapes. Here, we deal with all the processes required to guarantee a high-quality service for our customers.
In addition, I am responsible for QM documentation and compiling claim reports. Soon I will take on the role of Information Security Officer. I will have to ensure that the company’s IT systems are compliant, both with regard to software and hardware. The aim is to secure and protect the information stored by the company from unauthorised access internally and externally.
You are now also the Data Protection Officer of Deutsche Plasser. How did this come about?
To ensure well-functioning data protection, a company should have a data protection team consisting of three departments, i.e. IT, Human Resources and Quality Management. The IT department knows about the technologies available and thus knows what is technically possible. The Human Resources department is the one that has the most dealings with personal data, due to its function. Quality Management, on the other hand, has a wide experience of compliance with standards. The experience from other areas can also be applied very well to data protection.
My predecessor was an external service provider who acted as my mentor and inducted me in the subject. He retired at the beginning of this year. I was certified by TÜV Süd, and then took on this role with great pleasure.
What part does data protection play for Deutsche Plasser?
A huge part! We consider the personal data of our employees and business partners very important, and therefore, it should be protected as best as possible. We do not consider the legal requirements for data protection as a burden but as guidelines that we would want to comply with of our own accord anyway.
How does Deutsche Plasser or do you as the data protection officer handle data protection?
It is of great importance to me and the management to create transparency about the handling and processing of data. As a basic principle, if a company processes personal data on our behalf, this has to be contractually agreed. The contract will state what this company is and is not permitted to do with this data. Everything will have to be defined clearly, e.g. for how long the data is processed and stored, what it may be used for and when it will have to be deleted. These rules of course also apply for us. They are important for protecting the personal data of our employees and business partners. They in turn can ask for information at any time about which of their personal data is stored.
Thank you very much for your time!