Category: News

Congratulations, Dolores!

XpertDPO is proud to celebrate the achievements of Dolores Martyn, our Governance and Policy Lead, who has received two of the most respected honours in the privacy profession: the Fellow of Information Privacy (FIP) designation from the International Association of Privacy Professionals and the Safeguarding Children’s Data Award at the 2025 PICCASO Privacy Awards in London.

These recognitions reflect her leadership as one of Ireland’s, and dare we say Europe’s, foremost upcoming experts in children’s rights, public-sector data protection, and high-risk GDPR governance, and they highlight the depth of expertise she brings to her work as an outsourced Data Protection Officer and specialist DPO advisor.

A European Recognition for Leadership in Children’s Data Protection

This year’s PICCASO Awards brought together leaders from across Europe to recognise excellence in privacy, governance and data ethics. Dolores’ award reflects the significance of her contribution to safeguarding children’s data in complex, multi-agency environments, particularly through her work on the Barnahus Ireland project, an EU–Council of Europe initiative designed to create a trauma-informed, child-centred model for responding to complex children’s cases.

Her role in strengthening the governance framework for this project placed her among Europe’s most respected practitioners working at the intersection of public-sector accountability, sensitive data processing, and children’s rights.

Strengthening Barnahus Through Data Protection Governance

A core element of Dolores’ award-winning work is her contribution as a Council of Europe National Expert to the development of Ireland’s Barnahus model. She authored the Draft Record of Processing Activities (RoPA) for the Barnahus service, an in-depth, cross-agency governance document that maps how highly sensitive children’s data flows between Tusla, An Garda Síochána, the HSE, Children’s Health Ireland and other key partners.

This RoPA was presented at the national roundtable on 6 November 2024 and now serves as a foundation for designing accountable and transparent information-sharing arrangements as the Barnahus model expands across Ireland.

Her work directly responds to issues identified in XpertDPO’s earlier legal, regulatory and policy analysis for the Council of Europe, which highlighted long-standing gaps in Ireland’s child protection landscape, from inconsistent interagency data sharing and unclear consent processes to the absence of a nationally coordinated strategy for child complex case response.

By designing a RoPA that clarifies lawful bases, standardises accountability mechanisms and supports coherent cooperation between agencies, Dolores has helped build the governance infrastructure needed to protect children’s data in one of the most sensitive and regulated areas of public service.

Fellow of Information Privacy: A Global Mark of DPO Expertise

Dolores’ recent achievement of the FIP designation from the International Association of Privacy Professionals further underscores her standing as a leading expert Data Protection Officer. The credential is awarded only to professionals who demonstrate advanced knowledge of privacy law, global data protection standards and hands-on experience in implementing governance frameworks in real-world environments.

For organisations seeking an outsourced DPO or specialist DPO support, the FIP designation is an assurance that their Data Protection Officer possesses both authoritative expertise and a proven record of delivering practical, high-quality GDPR compliance.

Bringing Award-Winning Expertise to XpertDPO Clients

What makes Dolores’ achievements especially meaningful is the way this expertise is applied daily in her work with XpertDPO’s clients. She supports public bodies, social-care organisations, regulated sectors and private companies by delivering highly specialised data protection governance, whether acting as their Outsourced Data Protection Officer, reinforcing an existing DPO team, or advising on complex issues such as children’s data, interagency information sharing, high-risk processing, sensitive data governance and RoPA development.

Her grounding in public-sector data protection, combined with her experience working on national-level initiatives such as Barnahus, gives clients access to an expert DPO who understands both the legal framework and the operational realities of safeguarding vulnerable individuals’ data.

Dolores’ recognition at PICCASO and the IAPP reflects the values that underpin XpertDPO’s approach to data protection: ethical leadership, integrity, realistic and pragmatic compliance, and an unwavering focus on protecting people, especially children and vulnerable individuals. Her work demonstrates that the role of a Data Protection Officer is far more than regulatory oversight; it is about shaping systems that are fair, transparent and designed around the dignity and safety of those they serve.

Looking Ahead

As Ireland strengthens its commitment to safeguarding children and protecting the rights of vulnerable individuals, the role of experienced, ethically grounded Data Protection Officers has never been more critical. This extends far beyond the Barnahus model and into areas such as assisted decision-making, where organisations must navigate complex obligations under the Decision Support Service and the broader framework designed to uphold autonomy, dignity and informed choice.

Dolores’ achievements reflect the calibre of governance expertise that XpertDPO brings to these environments. Her work demonstrates how complex GDPR structures, transparent Record of Processing Activities and practical safeguards can support not only children, but also adults who rely on enhanced protection and responsible data handling. By combining legal expertise with a deep understanding of real-world service delivery, Dolores strengthens XpertDPO’s position as a trusted provider of outsourced DPO services, specialist DPO support and high-risk data governance for public bodies, regulated services and organisations working with vulnerable people.

Our mission is to help clients implement safeguards that genuinely protect those who depend on them most while guiding organisations confidently through the evolving landscape of rights, autonomy and sensitive data protection.

We are immensely proud of Dolores’ achievements and the impact her work continues to have, both within XpertDPO and across Ireland’s public-sector, children’s safeguarding and wider vulnerable persons landscape.

The EC has published its draft Data Act. The draft Data Act (which takes the form of a Regulation) clarifies who can create value from data (personal and non-personal) and under what conditions.  It is the second major legislative initiative of the European Strategy for Data and follows on from the Data Governance Act which creates the processes and structures to facilitate data sharing.

The Act is intended to unlock industrial data by giving business users access to data they contribute to creating, and giving individuals more control over all their data, not just personal data.  This is focused particularly on data created using connected devices and related services, for example voice assistants.  It is partially aimed at largescale manufacturers and service providers of IoT products who are likely to lose their data advantage to a degree.  Third party business users will not be able to use obtained data to develop directly competing products, but they will be able to use it to create other products and services.

The new rules will make more data available for reuse and are expected to create €270 billion of additional GDP by 2028.

The proposal for the Data Act includes:

• New rules allowing customers to effectively switch between different cloud data-processing services providers and putting in place safeguards against unlawful data transfer.
• Measures to allow users of connected devices to gain access to data generated by them, which is often exclusively harvested by manufacturers; and to share such data with third parties to provide aftermarket or other data-driven innovative services. It maintains incentives for manufacturers to continue investing in high-quality data generation, by covering their transfer-related costs and excluding use of shared data in direct competition with their product.
• Measures to rebalance negotiation power for SMEs by preventing abuse of contractual imbalances in data sharing contracts. The Data Act will shield them from unfair contractual terms imposed by a party with a significantly stronger bargaining position. The Commission will also develop model contractual terms in order to help such companies to draft and negotiate fair data-sharing contracts.
• Means for public sector bodies to access and use data held by the private sector that is necessary for exceptional circumstances, particularly in case of a public emergency, such as floods and wildfires, or to implement a legal mandate if data are not otherwise available. Data insights are needed to respond quickly and securely, while minimising the burden on businesses.

In addition, the Data Act reviews certain aspects of the Database Directive, which was created in the 1990s to protect investments in the structured presentation of data. Notably, it clarifies that databases containing data from Internet-of-Things (IoT) devices and objects should not be subject to separate legal protection. This will ensure they can be accessed and used.

Implementation and enforcement

Member States must designate supervisory authorities which will have powers to sanction non-compliance in line with GDPR-level fines for certain breaches.

The legislation now begins the path to approval and is expected to come into effect 12 months after coming into force

XpertDPO are delighted to announce expansion into the Middle East market by acquiring a strategic client in Saudi Arabia. XpertDPO will be acting as the Outsourced Data Protection Officer to this valued client in relation to their ongoing personal data processing operations and new projects.

We have also been very successful at gaining two new clients in the United States to assist them with the DPO requirements and ensuring that they comply with EU Data Protection regulations.

To assist in the delivery of these new projects, XpertDPO have made a number of new hires, including the appointment of an additional Certified Data protection Officer.

Stuart Anderson, our Founder & CEO stated: Our expansion in the United States and the Middle East markets is testament to the level of expertise that we have available to our clients. We act as the trusted advisor to our clients who have total trust in our ability to provide expert guidance on the GDPR and other data protection laws around the globe.