With the European Union's General Data Protection Regulation (GDPR) set to take effect on May 25, 2018, businesses that handle any personal or individual data relating to European Union inhabitants will need the services of a data protection officer, popularly known as a DPO. These organizations will need to appoint a data protection officer who focuses on information risk management and cyber security.
TASKS OF A DPO
- Inform and advise your business organization, and the staff who process personal information and data, of their obligations under the Regulation and other EU or local data protection provisions.
- Monitor compliance with the Regulation, with German or local data protection provisions, and with the data protection policies of your business organization, including awareness-raising, the assignment of responsibilities, the training of staff involved in processing operations, and the related audits.
- Provide advice, where requested, on the data protection impact assessment and monitor its performance.
- Cooperate with the supervisory authority (SA) and act as the organization's contact point on issues related to the processing of personal data, including prior consultation.
- Respond to all individuals whose data is being processed (your clients, employees, and similar) on all issues related to the processing of their data and the exercise of their rights under the Regulation.
In short, organizations should have finished their GDPR preparations well before May 2018 so that they can gain assurance from third parties and answer third parties' requests for assurance. This will require time and resources with the expertise to process those requests. Legal, information and data security teams, as well as data protection groups, should get ready for this job so that they are not overwhelmed with requests closer to the enforcement deadline.