Institutions create security regimes under the guise of protection, but these measures, even with the best intentions, can be problematic to execute due to competing logics, such as tensions between government regulations and institutional priorities. Data Protection Officers (DPOs) must navigate these conflicting logics, balancing data privacy with intuitional concerns. This article argues that DPOs can find power by identifying gaps between regulatory and institutional logics to form localized tactics to carry out their jobs in line with their own ethics and morals. By doing so, workers can reclaim power in the seemingly dominating power of security logics.