The Data Protection Officer (DPO) is a leadership role that was formalized, and in certain cases made mandatory, with the implementation of the General Data Protection Regulation (GDPR).
When it comes to compliance and regulations for the protection of personal data, the data protection officer is one of the most important roles within the company. What’s more, the DPO role is only gaining more traction, given the increasing number of data privacy regulations.
In addition to facilitating compliance through accountability tools, such as data protection impact assessments (DPIAs) and audits, the DPO acts as an intermediary between the relevant stakeholders: management, employees, data subjects and the data protection authority.
The DPO also oversees the data privacy and data protection policies, ensures that those policies are operationalized across all organizational units, and makes sure the organization processes personal data in a compliant way.
The data subject is the natural person whose personal data is being processed. This means that whenever you provide your personal data to a company, you become a data subject in relation to that company. As a data subject, you have a set of rights, including the right to be informed about what data is being processed and why, the right to object to the processing and the right to have your data deleted.
The next role within the GDPR is that of the data controller. The data controller is the person, company or authority that decides the purposes for which the data is processed. The data controller is responsible for the data processing, and the GDPR regulates the responsibilities and requirements related to the data controller.
Data Processor and Subprocessor
The data processor processes personal data on behalf of the data controller and only on the controller’s documented instructions. This is the case, for example, when a transport company delivers products to customers on behalf of the company that sells the products. The difference between the data controller and the data processor is that the data processor does not control or decide the purposes for which the data is processed.
Data Protection Authorities and Data Protection Officers
In order to ensure compliance with the GDPR and to provide guidance on how to comply with the Regulation, each country in the EU/EEA has its own national data protection authority (also called a supervisory authority).
A Data Protection Officer, also referred to as a DPO, is a role within a company or organization whose responsibility is to ensure that the organization processes personal data in compliance with the GDPR and the applicable national data protection regulations.
The data controller’s responsibilities
The data controller is the person, company or authority who decides on the purposes and means of the processing. The data controller is accountable for the processing towards both the data protection authorities and the data subjects.
Third Parties: Data Processing Agreement (DPA)
If the data controller engages a third party to process personal data on its behalf, the data controller must enter into a written agreement (a data processing agreement) with that data processor, setting out the subject matter, duration, nature and purpose of the processing and the processor’s obligations.
Whether the data is processed by the data controller itself or by a data processor, the data controller remains responsible for deciding on the scope and purpose of the processing, including:
The data controller must report data breaches
A personal data breach refers to a security incident in which personal data is accessed, disclosed, altered, lost or destroyed without authorization, whether by accident or as a result of theft or other unlawful activity.
Data breaches that are likely to result in a risk to the data subjects must be reported by the data controller to the data protection authority within 72 hours of the controller becoming aware of the breach. Where the breach is likely to result in a high risk, the affected data subjects must also be informed.
The Data Protection Officer’s responsibilities
The DPO’s tasks and responsibilities include those associated with data privacy, such as:
We all have a responsibility
We all have a responsibility to protect and safeguard personal data, and to inform and report when personal data may have been mishandled. Therefore, if you encounter a situation where you think data has been wrongfully accessed, altered, lost or deleted, you should always follow internal policies and inform your data protection point of contact without delay, since the 72-hour reporting clock starts when the organization becomes aware of the breach. This is critical in order to fulfil obligations towards data subjects and to be a safe, professional and successful organization.
Source: CNIL, https://www.cnil.fr/
Protecting personal data, supporting innovation, preserving individual liberties
In the digital world, the Commission Nationale de l’Informatique et des Libertés (CNIL) is the French regulator for personal data. It assists professionals in their compliance efforts and helps individuals control their personal data and exercise their rights.