The importance of appointing a DPO

One of the most important changes in data protection is fast approaching. The forthcoming General Data Protection Regulation (GDPR), which will be enforced in May 2018, will require some organizations to appoint a Data Protection Officer (DPO). This applies to all public authorities and to companies that are involved in consistent and systematic processing of sensitive personal data on a large scale.

The Data Protection Officer will ensure that the organization complies with data protection laws and regulations. The organization may assign the role of a DPO to one of its employees, as long as their professional and new responsibilities (as a DPO) do not result in a conflict of interest, or it may contract an external service provider. Furthermore, a single DPO can be appointed to be shared between several organizations.

Designated DPOs must have professional knowledge and skills related to data protection laws and practices. They must also possess a thorough understanding of the technical and organizational structures of the respective company.

Under the GDPR, the independence of the DPO is one of the key requirements. Moreover, they must be allowed to carry out their job in line with the regulation requirements, and not be penalized for their actions.

Organizations must be capable of providing the necessary resources to DPOs, such as: continuous training, access to information, facilitated communication with all the staff, etc.

The main task of a DPO is to conduct data processing audits. During data processing audits, the DPO has to identify the processing scope and purpose, source and sensitivity of the processed data, and data transfers outside the EU.

Now, under the GDPR, “Data Protection Impact Assessments,” which aim to measure privacy and security levels, and recommend potential improvements, need to be carried out.

The Responsibilities of DPOs

• Inform and advise the organization and its employees about their obligations with regard to the new regulation
• Provide training and awareness sessions to individuals involved in data processing
• Monitor compliance with the regulation and responsibility assignment
• Monitor the organization’s Data Protection Impact Assessment and report when necessary
• Promote and encourage a data protection culture within the organization
• Cooperate with the supervisory authority concerning the issues of personal data processing

DPOs are in charge of reporting to the top management in an independent manner, and as such, they must not receive any instructions regarding the execution of their tasks. Furthermore, they are hired for a period of at least two years and can be fired only if they are incapable of accomplishing their duties.

Before the enforcement of the GDPR, organizations can begin preparing for the appointment of a DPO. Preparation steps include:

• Review the criteria and requirements for designating a DPO, and evaluate whether internal employees are suitable for the position or whether external candidates will be needed
• Ensure that adequate training will be provided to suitable individuals
• Monitor the publications and guidance regarding the role of the DPO from EU privacy bodies and regulators
• Plan budgets so that adequate resources can be provided to the DPO in the future
• Develop guidelines or programs covering the cases in which a DPO must be consulted
• Safeguard the implementation to ensure independence and avoid conflicts of interest

It is important to note that when a data breach occurs, the Data Protection Officer has the legal obligation to notify the supervisory authority within 72 hours.

Lately, the role of the DPO has become increasingly important, and this trend will continue because the appointment of a DPO is a significant requirement of the new regulation.

In conclusion, the role of a DPO is crucial. Apart from taking care of data breaches, they also help organizations and public authorities comply with the new rules.

Schedule for this course

Start date: 23-12-2018
End date: 27-12-2018
From: 9:00 AM
To: 17:00 PM