Discover the Data Protection Officer job. What does he do? How and why is he important?
The Role of a Data Protection Officer
The Data Protection Officer (DPO) is the person in charge of data protection, as required by the General Data Protection Regulation (GDPR). His role is to monitor the data protection strategy to make sure the company complies with the law.
Every company dealing with large amounts of data, including personal data, will be asked to hire a DPO. This is stated in the GDPR, which the European Parliament, the European Council and the European Commission will implement in May 2018.
The Skills and Requirements Needed
As stated in Article 39 of the GDPR, the DPO's responsibilities are:
- Raise awareness within the company of the requirements for complying with the GDPR and of the need for data protection, and provide the tools to achieve it
- Lead compliance checks and anticipate issues
- Serve as the point of contact between the company and authorities (CNIL for example)
- Ensure that the register of the processing operations exists, is up to date and is in accordance with the GDPR. Make sure it is available, as it can be made public upon request
- Inform people whose data is being processed by the company of their rights
There is no specific list of qualifications. However, Article 37 of the GDPR states that the DPO needs to have “expertise concerning data protection laws and activities”. He then needs to make sure that his expertise is applied to the company's data processing.
The company does not necessarily need to hire someone to be its DPO. It can be an employee from the digital transformation team. It will be possible to hire only one DPO for a group of companies, as long as he can properly do what is asked of him and be available to every company of the group when needed. The company needs to publicly announce the DPO nomination, and the information needs to be provided to all the external supervisors.
How to Find the Perfect DPO?
As long as EU citizens' personal data are stored or processed, the company needs to comply with the GDPR. The same applies if the company is located within the EU. This means many companies will need to comply, and a recent study shows that no fewer than 28000 DPOs will be hired. Companies will need to hire theirs before the GDPR enters into force, which means they should recruit as soon as possible.
The right person to hire must be a law and data protection expert and understand how your IT infrastructure works. Firms need to look for candidates who will manage data protection and compliance but also dare to point out nonconformities and report them to supervisory authorities.
The DPO you hire should ideally have management skills and create a trusting relationship with both the company's employees and external authorities.