What is the role of a DPO?
The data protection officer (DPO) assists and supports data protection compliance for various businesses and other organizations, regardless of their area of operation. In some cases, the appointment of a DPO is mandatory under the European General Data Protection Regulation (GDPR); in other cases it is optional. In all cases, however, only a DPO with professional expertise in data protection law and practice can perform the tasks that ensure that a business or organization complies with current data protection laws and is not subject to a data protection fine for non-compliance.
An employee or an external expert (such as a law firm) may be appointed as DPO. However, in the case of employees, conflict-of-interest rules may be particularly relevant and may be an obstacle to designating such persons as DPO (for example, the managers of the company typically cannot perform DPO duties). These obstacles are less likely to arise in the case of an external expert.
In which cases is it mandatory to designate a DPO?
The GDPR provides for the mandatory designation of a DPO in several cases:
In which cases is it recommended to designate a DPO even if it is not mandatory?
In addition to the above mandatory cases, a company or organization may also decide to designate a DPO to support its data protection compliance. A number of large US-based technology companies have done the same; they would not typically be required to designate a DPO under the GDPR, but have chosen to do so because of their extensive technology services and the specific nature of the given organization or group. The designation of a DPO may also be recommended for other types of companies or groups of companies, in particular in the case of mass processing of personal data using new technologies.
How can we help you as your DPO with consistent availability?
As a DPO, we provide full and daily support in relation to our customers’ data protection compliance. This is typically provided for a fixed monthly fee:
Our success stories in this field
In recent years, we have provided ongoing data protection advice to a European-based technology company, enabling it to operate free from data protection risks and to become a model company in its field.