Data Protection Officer, DPO, GDPR, General Data Protection Rules
Let’s start with the duties of a data protection officer:
- to inform and give professional advice,
- to monitor compliance with the Regulation and internal policies (including audits),
- to raise data protection awareness among personnel and to provide related training,
- to assist with and track data protection impact assessments,
- to cooperate with the authorities.
This raises the question of who must employ a data protection officer. Although the scope of the GDPR is wide, appointing a DPO is mandatory only when certain criteria are met; otherwise it is voluntary.
Three specific cases apply to both data controllers and data processors:
- when data processing is performed by an authority or a body performing public tasks,
- when the organisation performs regular and systematic monitoring of the data subjects on a large scale,
- when the organisation performs large-scale processing of special personal data.
Importantly, if appointment is not mandatory, this must be documented as the output of some form of internal analysis.
Organisations or a group of organisations may assign a joint DPO, but it is better when each organisation also has a dedicated person who possesses the necessary information at local level and can be involved in performing the tasks if required.
We at Process Solutions have already assigned our DPO, who can be contacted with trust by our staff members and clients when they have data protection related questions.
Thus we can declare that the DPO is a primary point of contact for the data subjects, the clients and the authorities, and can be contacted directly with complaints or in connection with an incident.
Powered by FORTIX Consulting