Under the GDPR, you may be required to appoint a Data Protection Officer (DPO). This is someone within the organization who monitors the application and compliance with the GDPR.
Appointing a DPO is mandatory for:
– government agencies and public organizations
– organizations that, based on their core activities, track individuals on a large scale (for example, profiling people to make risk assessments, video surveillance, and monitoring someone’s health via wearables)
– organizations that, as part of their core task, are involved in processing special personal data on a large scale (data that reveal information about someone’s health, race, religion, criminal history, or sexual life)
Organizations for which a DPO is not mandatory can also voluntarily appoint a DPO.
The duties of a DPO can include:
- to supervise;
- making inventories of data processing;
- keeping records of data processing;
- keeping records of data processing;
- develop internal regulations;
- advising on technology and security (privacy by design);
- Providing input when drafting or adjusting a code of conduct.
A DPO has certain powers based on the GDPR. For example, the DPO must be involved in a timely manner in all matters related to the protection of personal data. Think of, for instance, a data breach. The DPO has access to all personal data and processing activities. The DPO must not receive instructions on how to perform his duties and he has protection against dismissal and detriment.
Who can be a Data Protection Officer?
The DPO can be an internal employee but can also be hired externally, as long as they meet the requirements of the GDPR. For instance, they must be sufficiently knowledgeable and possess adequate professional qualifications to perform their duties. This means that the DPO has experience and knowledge of the GDPR and other privacy legislation, understands data security well enough, and is familiar with the organization and the sector.
Femke and Liesbeth have both recently successfully completed the training to become Data Protection Officers (DPO). Interested in discussing the possibilities of appointing one of us as an external DPO? Feel free to contact us!
