GDPR: The DPO, a mole inside your company?

A focus on the DPO.
A DPO is required if:

  1. the processing is carried out by a public authority or body (except for courts acting in their judicial capacity);
  2. the core activities consist of processing operations that require regular and systematic large-scale monitoring of data subjects (for example profiling and tracking of online behaviour); or
  3. the core activities consist of large-scale processing of sensitive categories of data (for instance hospitals, biomedical business or activities/institutions working with criminal convictions)

The DPO’s job will involve:

  • monitoring compliance with data protection regulations and the company’s policies by assigning responsibilities to others within the company,
  • raising data protection awareness,
  • training staff,
  • carrying out compliance audits,
  • providing information and advice to the data controller, data processor, or employees involved in the data processing on their respective obligations under data protection laws,
  • advising the company on the risks of certain data processing activities in the framework of the data protection impact assessment.

One DPO can be sufficient within a corporate group and it can even be an external professional.

Source

Author:

Junior Legal Counsel with a remarkable lust for legal and business knowledge
