top of page
CyberSecurity_logo_yleinen_nega.png
  • White Facebook Icon
  • X
  • White LinkedIn Icon
  • White Instagram Icon
  • White Vimeo Icon
Search

Data Protection Officer Role

  • Susanna Engblom, Senior Privacy Specialist
  • Nov 13, 2018
  • 3 min read

Data Protection Officer: Role, Requirements and Organising

The Data Protection Officer role has come into sharp focus on the EU’s General Data Protection Regulation (GDPR). Along with this, the market for data protection professionals is booming: the GDPR obliges certain organisations to appoint a separate Data Protection Officer (DPO) with the task of being an organisation’s internal expert in monitoring the processing of personal data and helping the organisation to comply with data protection rules.

The appointment of the Data Protection Officer is not an entirely new requirement. While some EU countries have had this obligation also prior to the GDPR, this requirement has now become an obligation for more and more organisations. Consequently, many organisations are now desperately looking for skilled and experienced Data Protection Officer. The The International Association of Privacy Professionals (IAPP) has conservatively estimated that at least 75.000 DPOs will be needed to manage EU citizens’ data around the world.

Staffing the Data Protection Officer role

The duty to designate the DPO can be directly based on an obligation under Article 37 of the GDPR, or an organisation may appoint one on a voluntary basis. According to Article 37, the controller and the processor shall designate a Data Protection Officer in any case where

  • the processing is carried out by a public authority or body

  • the controller’s or processor’s core activities consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale, or

  • the core activities of the controller or the processor consist of processing on a large scale of special categories of data (Art. 9) or personal data relating to criminal convictions and offences (Art. 10).

In practice, many organisations appoint a DPO on a voluntary basis or at least a Data Protection Specialist, who is responsible for ensuring that data protection issues are duly considered in the organisation’s operations. However, it is important to note that an organisation that appoints a DPO voluntarily must still comply with the full range of DPO-related compliance obligations as if that appointment had been mandatory. When hiring data protection specialists other than a DPO, it’s important that they are not referred to as a DPO, for the aforementioned reason. A DPO is always a specific role with particular responsibilities under the GDPR.

It is important to note that the GDPR sets forth particular requirements as to the role, position, and tasks of a DPO within an organisation. A Data Protection Officer role and position within an organisation defined by three elements: monitoring and advice, independence, and privacy contact point. Therefore, it is important to guarantee a certain amount of independence and neutrality of the DPO, while at the same time embedding the DPO into the core data protection activities and privacy decision making of an organisation.If an organisation has a privacy team, the roles and responsibilities of its members and how it relates to the DPO should be clearly set out.

The GDPR leaves the decision-making to the organisations, on how to staff the Data Protection Officer role. The Data Protection Officer may be a staff member of the controller or processor, or the task could also be fulfilled on the basis of a service contract.

Privaon’s DPO services

Outsourcing the DPO is an easy way to organise and manage data protection issues, which benefits the organisation in a variety of ways. Privaon’s service portfolio includes a fully outsourced DPO (DPO as a Service), whereby the data protection resources can be flexibly dimensioned to meet unique organisational needs and data protection risks. If your organisation has already appointed a Data Protection Officer, Privaon can offer additional external resources (DPO Support) for the internal DPO by providing expertise whenever necessary.

The Privaon DPO service:

  • provides a dedicated customer team supporting with data protection issues and performing DPO duties

  • enables the organisation to focus on its core business while having professional support for decision-making related to the processing of personal data

  • mitigates the risk of conflict of interest, because an outsourced DPO is genuinely objective (free from constraints) in advising the organisation

To learn more about Privaon’s DPO-services, visit DPO as a Service page.

Writer

Susanna Engblom, Senior Privacy Specialist susanna.engblom@privaon.com www.privaon.com

 
 
 
Featured Posts
Recent Posts
Archive
Search By Tags
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square

HYBRID EVENT PRODUCTION  BY BIG BUSINESS INSIGHT GROUP

CYBER SECURITY EXECUTIVE

CONTACT US

CUSTOMER CARE

AGENDA & SPEAKING INQUIRIES

PARTNERSHIPS

Mari Katajamäki

+358 40 568 1166

mari.katajamaki@professio.fi

Ville Hollstein

+358 044 353 5444

ville.hollstein@professio.fi

hello@bignordic.com

020 780 6221

BIG Business Insight Group is part of Professio Group.

ProfessioGroup_LOGO_white.png

Our Mission Is to Create the World's Most Competent People.

Read more about Professio Group and get to know our brands here.

Professio Group -logo brändit ilman Groupia valkoinen.png

Payment Methods

Maksutavat.png
bottom of page