WHAT IT DOES
It is the person who, with the appropriate qualifications (art. 37-39, GDPR):
Participates in all questions regarding data protection. Example: are you going to hire a provider for your online marketing campaign? Are you sure that the chosen provider offers "sufficient guarantees"? The DPO is the one who answers these types of questions.
Handles the internal training of staff. A single provider, to cover all your privacy needs.
Makes sure your internal privacy program works correctly. Entities usually invest a lot of effort and money in the initial part of the adaptation program, but processes usually lose steam. It is the DPO who is in charge of verifying that all areas of your organization comply (and continue to comply) with the internal Information Security rules. Management will always receive a comprehensive periodic report of all activities.
Supervises and directs the Impact Assessments of all the processes of your entity. A single professional, for the coordination of all areas of your entity.
Receives, manages and answers all questions from your users, clients, workers and consumers in general. Management will always have a copy of each case handled, always dealt with within the deadlines established by law. How many times have you wanted to ask how to manage a certain privacy matter and have had to call, wait, write, wait again, …? You now have a qualified person who deals with these matters.
WHO IS IT
The DPO is a qualified professional, with specialized knowledge not only of the legislation on privacy and data protection, but also of how your entity works. The main task of a good DPO is to provide practical, feasible, effective and quick responses. Being internationally recognized as the holder of the most relevant international certifications in the field (CDPSE, CIPP / E / US, CISA) is a solid guarantee of professionalism and ability.
DO YOU NEED IT?
The appointment of the DPO is mandatory for:
- Public authorities or bodies
- Entities whose main activity is the habitual and systematic observation, on a large scale, of interested parties
- Entities whose main activity includes the processing of sensitive personal data (art. 9 and 10, GDPR)