With the General Data Protection Regulation (GDPR) coming into force on 25 May 2018, it is time to get to know the specifics of GDPR and how it will affect you and your business. The Data Protection Officer (DPO) is an important part of the new regulation and will be an essential asset to your business as it navigates the processing of personal data in the future.
What is a DPO?
A DPO is an enterprise security leadership position that is required under GDPR. The DPO is responsible for overseeing compliance with the new GDPR standards across all sectors of the organisation. However, a DPO cannot be held personally responsible for a company's failure to comply. That responsibility falls on the controller or the processor, who must be able to demonstrate compliance in accordance with GDPR.
Who needs a DPO?
Every public authority and public body will need a DPO, including government departments. If your business or organisation's primary activities include any data processing operations, you will also need one. This includes the regular and systematic monitoring of individuals on a large scale. Similarly, if your company specialises in "special categories of data", e.g. healthcare data, you will also be required to have a DPO.
Responsibilities of a DPO
Data protection officers are the cornerstone of the accountability-based compliance framework that GDPR relies on. DPOs act as intermediaries between the parties involved in GDPR compliance, e.g. data subjects, supervisory authorities, and business units within an organisation.
GDPR requires the DPO to be "involved, properly and in a timely manner," in all matters relating to the company's compliance with GDPR in its processing of personal data. The DPO should have an intimate knowledge of the new standards set by GDPR and of whom they apply to within your organisation.
Outlined in GDPR Article 39, DPO responsibilities include:
- Informing staff who process personal data of their obligations under GDPR.
- Overseeing compliance with the regulation within the organisation, including training staff involved in data processing, assigning responsibilities, and conducting related audits.
- Providing advice, when requested, on the data protection impact assessment and monitoring its performance.
- Acting as the organisation's contact point for the supervisory authority on issues relating to personal data processing.
- Responding to individuals whose data is processed, including clients and employees.
Appointing a DPO
As GDPR will apply to every organisation that processes the data of individuals in the EU, not just companies located there, one study predicts that 28,000 DPOs will be required in order to see full compliance after the implementation of GDPR. DPOs need to be in place before the introduction of the new guidelines; this makes hiring or appointing a DPO, if you have yet to do so, a priority.
A qualified DPO should have expertise in data protection law, as well as professional leadership abilities. It is paramount that they are familiar with the technology used in your organisation, your IT infrastructure, and your organisational structure. Management skills are key, as an oversight could cost you and your company up to 4% of your global revenue. They will be acting as a contact representative for your organisation, so communication skills are also necessary.
A competent Data Protection Officer is fundamental to making sure your business is in compliance with GDPR. Asystec can help you make sure that there are no oversights when it comes to the implementation of GDPR. We can supply the infrastructure to ensure that you are in full compliance with the new regulations, safeguarding your business. Asystec has the knowledge and the tools to bring your organisation up to speed with the rest of the world, making sure you are protecting your assets.