WHO IS IT?
The European Data Protection Regulation introduces a new professional role, that of the DPO (Data Protection Officer). In some cases the new Regulation makes designating a DPO mandatory; in others it is optional.
The DPO can be internal or external to the company.
PROFESSIONAL SKILLS AND DUTIES OF THE DPO
The DPO must have management, technical and legal skills.
It must be able to access the data and know how it is used and managed.
It is responsible for verifying that the daily use of data and of information protection systems is in accordance with the GDPR.
It must be an independent professional, internal or external to the company.
WHAT DOES IT DO?
The GDPR obliges companies to take a proactive approach to preventing and reducing risks. The DPO will be responsible for reporting any data or information loss to the privacy authorities, within 72 hours from the theft or accidental loss of data. The DPO is also in charge of:
- informing the data controller and employees of the obligations arising from the regulation
- monitoring compliance with the regulation and with all other corporate data protection measures
- acting as a point of contact for, and cooperating with, the Data Protection Authority
- checking that violations of personal data are documented, notified and communicated (Data Breach Notification Management).
The DPO must have a corporate budget to keep abreast of the regulations in force.
It must have sufficient resources in terms of time to be able to carry out its tasks independently.
It must have an adequate salary according to its tasks.