The Data Protection Officer

Welcome in the new world of General Data Protection Regulations. The EU is helping all the companies to create security around data protection and privacy. Creating the GDPR has massive influence on how companies operate with data which are in fact all companies. That is something without any secrets. It is also a dossier with a lot of pain points. We have spoken about the impact in different other articles. However one of the topics of great interest is the Data Protection Officer. Companies are unable to execute a sustainable data strategy following the GDPR without the Data Protection Officer. A recent study shows that there are 28.000 positions of Data Protection Officers that has to be filled.

The Tasks of a Data Protection Officer
  • Informing and advising the controller or processor and its employees of their obligations to comply with the GDPR and other data protection laws.
  • Monitoring compliance with the GDPR and other data protection laws, including managing internal data protection activities, training data processing staff, and conducting internal audits.
  • Advising with regard to data protection impact assessments when required under Article 33.
  • Working and cooperating with the controller’s or processor’s designated supervisory authority and serving as the contact point for the supervisory authority on issues relating to the processing of personal data.
  • Being available for inquiries from data subjects on issues relating to data protection practices, withdrawal of consent, the right to be forgotten, and related rights.
Do we need a Data Protection Officer?

If your company needs a Data Protections officer depends on some different aspects. Let us explore these factors a little bit further.

You need a Data Protection Officer when your company is a public company or in other words government related. The exception is one pillar of the trias politica namely the judiciary. The are not obliged to appoint one however if they want to they are free to do so.

Your company needs a Data Protection Officer if you are active in data management with regularly and systematically observation. For example because of nature, size or goals as reason for this data management activities

If your company works with personal details from one of the special selected categories. Categories such as race, political ideas, religion, bio metrics, healthcare details, sexual preferences or convictions.

There are some other components as well. But the components above are the most important. Be carefull with details and if necessary consult with legal council.

Where do find a Data Protection Officer

Well the role of a Data Protection Officer is not necessary the same as an employee. Consultants and other specialists can be hired to do the job. However be careful with conflicts of interest when you hire an external party. When we take look at education there is no education mandatory before you can apply to the role. The person you appoint has to be skilled in the are of data privacy and protection. If your company is managing data at a large scale then you probably have to find a Data Protection Officer. However you have until the 25th of may in 2018 to do so.