DPO Profile

 

The DPO is a professional whose tasks are set out in article 39 of Regulation (EU) 679/2016, and who is responsible for applying legislation on privacy and data protection.

 

The data protection officer
will perform at least the following tasks:

Inform and advise the controller

Or the processor and the employees who process data of the obligations incumbent upon them under the Regulation and other data protection provisions in the European Union or Member States.

Overseeing compliance

The provisions of the Regulation, of other data protection provisions of the Union or of the Member States and of the policies of the controller or processor on the protection of personal data.

Act as a point of contact

of the supervisory authority for matters relating to processing, including the prior consultation referred to in Article 36.

Supervise its application

in accordance with Article 35 of the Regulations.

Offering advice

requested about the data protection impact assessment.

Monitoring awareness

and training of personnel involved in treatment operations.

Supervisar

assignment of responsibilities.

Supervise

the corresponding audits.

Cooperate

with the supervisory authority.
 

Make inquiries

to the supervisory authority, as appropriate, on any other matter.
 

The data protection officer shall perform his or her duties with due regard to the risks associated with the processing operations, taking into account the nature, scope, context and purposes of the processing.

 

To do so, he/she must be able to:

 
Qualities:
  • collect information to identify processing activities.
  • Analyse and check the compliance of processing activities.
  • Inform, advise, and issue recommendations to the controller or the processor.
  • collect information to supervise the register of processing operations.
  • provide advice on the application of the principle of data protection by design and by default.
Advise on:
  • whether a data protection impact assessment should be carried out or not.
  • what methodology should be followed when carrying out a data protection impact assessment.
  • Swhether a data protection impact assessment should be carried out in-house or outsource it.
  • what safeguards (including technical and organisational measures) to apply in order to mitigate any risk to the rights and interests of the data subjects.
  • whether or not the data protection impact assessment has been carried out correctly.
  • If its conclusions (whether or not to proceed with treatment and what safeguards to apply) are in compliance with the Regulation.
Advise the data controller on:
  • Which methodology should be used when carrying out a data protection impact assessment.
  • Which areas should be subject to an internal or external data protection audit.
  • Which internal training activities to provide to personnel or the managers responsible for data processing activities and to which processing operations the most time and resources should be dedicated.