What could personal responsibility at Board-level do to ensure the right to data is being met include? Should the same person be responsible for ensuring that personal data is properly protected and that privacy issues are met?

2) What could personal responsibility at Board-level do to ensure the right to data is being met include?  Should the same person be responsible for ensuring that personal data is properly protected and that privacy issues are met?