Data Protection Officer

Data Protection Officer

The need for certain companies to have a data protection expert called the Data Protection Officer (DPO) is among the obligations set out in the General Data Protection Regulations (GDPR). Until the entry into force of the new regulations, there was no such figure. The DPO may be on the company’s staff or be hired as an external party and must be an expert in the personal data protection regulation.

Article 37 of the GDPR determines the cases in which the appointment of a Data Protection Officer is mandatory:

  • When the processing is carried out by a public authority.
  • When the main activities of the controller or processor consist of processing operations that require regular and systematic monitoring of data subjects on a large scale.
  • When the main activities of the controller or processor consist of processing on a large scale special categories of data or personal data relating to convictions and offences.

Among the main functions that the new regulation attributes to the Data Protection Officer are to ensure and supervise the compliance of the company with the GDPR, to inform and advise the company’s decision-making body and the employees that process personal data of their obligations in relation to the GDPR, to cooperate with the Data Protection Authority (DPA) being the contact point between the DPA and the company, to communicate the existence of relevant violations in this matter to the management of the entity proposing measures to correct them and to participate in the development and execution of impact assessments.

The DPO must be appointed on the basis of his professional qualifications and, in particular, his knowledge of data protection legislation and practice. In Letslaw we can offer this figure of the Data Protection Officer to carry out all the necessary actions in order to comply with the Data Protection Regulation. This service includes:

  • Advice on compliance with privacy and data protection regulations for organisations, institutions, companies or corporations.
  • Information and advice to the data processor and employees with access to data on their obligations under the GDPR.
  • Supervision of the implementation and application of the company’s policies on personal data protection.
  • Supervision of the implementation and application of the regulations regarding data protection and security.
  • Assignment of responsibilities and training of personnel involved in data processing operations.
  • Advice on Data Protection Impact Assessment (DPIA).
  • Cooperation with the DPA.
  • Responding to requests from the DPA.
  • Communication of the DPO to the competent DPA.