A focus on the DPO.
Its’ required if:
- the processing is carried out by a public authority or body (except for courts acting in their judicial capacity);
- the core activity/ies consist/s of processing operations that require regular and systematic large-scale monitoring of data subjects (for example profiling and tracking of online behaviour); or
- the core activities consist of large-scale processing of sensitive categories of data (for instance hospitals, biomedical business or activities/institutions working with criminal convictions)
DPO’s job will involve:
- monitoring compliance with data protection regulations + companies’ policies by assigning responsibilities to others within the company,
- raising data protection awareness,
- training staff,
- carrying out compliance audits,
- providing information and advice to the data controller, data processor, or employees involved in the data processing of their respective obligations under data protection laws
- advises the company on the risks of certain data processing activities in the framework of the data protection impact assessment
One DPO can be sufficient within a corporate group and it can even be an external professional.