28 05 2019
The adaptation of a company to the requirements established in the new GDPR can be a slow and tedious process. Among the novelties that the new regulation establishes, it also introduced the obligation to name a role that gives us a lot to talk about these days: Data Protection Officer or DPO. But what does this mean and why is it important to know?
A Data Protection Officer is a person, natural or legal person, responsible for ensuring the compliance with the law of data protection in the company. This role can be an in-house or external employee of the company and must have specialized knowledge of law and practice in the field of data protection, although it is not required to be certified.
The main functions of the DPO include:
Not necessarily, the appointment of a data protection officer will be mandatory when:
The DPO must have sufficient autonomy and resources to perform his or her work effectively. Therefore, it is mandatory that the controller provides the DPO with all the necessary resources to perform his or her activity efficiently.
This also defines what should be the position of the DPO within the company. The regulation establishes that it is important that the data protection officer participates from the earliest possible stage in all questions related to data protection. In addition to this, it is important that the DPO is considered as a contact person within the organization and that he or she forms a part of the working groups that deal with data processing activities within the organization.
The GDPR makes it clear that whoever is obliged to ensure that the processing is performed correctly is the processor, and not the officer. The DPO is not responsible for the compliance with the rules on data protection, this is the responsibility of the processor. If the person responsible for compliance makes decisions that are incompatible with the GDPR and the DPO’s advice, the DPO must have the possibility to easily express his discrepancies to his or her superiors.
In short, the role of the DPO is definitely one of the main additions of the GDPR and it is important to ensure the compliance with the new European regulation.
In case you have any questions or doubts, feel free to contact us!