GDPR: WHO IS THE DPO?

The European privacy law introduces a new figure to the business staff: here is who the Data Protection Officer is and what his functions are

We have already talked about the new regulation on data protection: it is called GDPR and it will be officially applied in Europe on 25th of May 2018. In addition to the several changes needed to comply with the new European privacy law in terms of security measures and sensitive data processing, the GDPR introduces an important role in the business context: the DPO. DPO stands for Data Protection Officer, the person who will be responsible for personal data processing, and therefore also for its protection, within a business or a Public Administration.

The DPO must meet specific requirements: skills, experience, independence and autonomy of resources, and absence of conflicts of interest. He will have to safeguard the organization's privacy profiles by overseeing the proper application of the European Regulation, the attribution of responsibilities, information, staff awareness and training, consulting and the provision of opinions. The Data Protection Officer, who can be in-house or external, shall cooperate with the Competition Authority and will report directly to the highest management level of the data controller.

The Data Protection Officer is a reference and contact point for citizens, who can ask him any questions about the processing of their personal data and about the exercise of the rights provided by the GDPR. In the interests of transparency for citizens, the identity and contact details of the DPO shall be reported in the privacy policy, on the business website and in the processing register. In carrying out his tasks, the DPO shall consider the risks associated with the processing, taking into account its nature, area of application, context and purposes.

For what kind of companies is the nomination of a DPO mandatory?

The debate on the cases in which the nomination of the Data Protection Officer is mandatory is still open. Some guidelines help to clear up the main doubts, but some room for interpretation remains. For a company or a Public Administration, the nomination of a DPO is mandatory in the following cases:

1. The processing is performed by a public authority or entity, except for courts acting in their judicial capacity;
2. The main activities of the Controller consist of processing that, by its nature, area of application and/or purposes, requires regular and systematic monitoring of data subjects on a large scale; or
3. The main activities of the Controller consist of processing, on a large scale, particular categories of personal data or data relating to criminal charges.
