Competences requerided of the DPO


 

The DPO must gather specialized knowledge of law and practice in the field of data protection. Therefore, the necessary knowledge, abilities or skills that the person to certify must be known or possessed to carry out each one of the functions of the Data Protection Officer.

 

These generic functions of the DPD can be specified in advisory and supervision tasks, among others, in the following areas:

 

 

1. Compliance with principles relating to treatment, such as limitation of purpose, minimization or accuracy of data

 

2. Identification of the legal bases of the treatments

 

3. Assessment of compatibility of purposes other than those that originated the initial collection of data

 

4. Determination of the existence of sectoral regulations that can determine specific treatment conditions different from those established by the general regulations on data protection

 

5. Design and implementation of information measures for those affected by data processing

 

6. Establishment of mechanisms for receiving and managing requests for the exercise of rights by interested parties

 

7. Assessment of requests for exercise of rights by interested parties

 

8. Hiring of treatment managers, including the content of the contracts or legal acts that regulate the responsible-manager relationship

 

9. Identification of international data transfer instruments appropriate to the needs and characteristics of the organization and the reasons that justify the transfer

 

10. Design and implementation of data protection policies

 

11. Data protection audit

 

12. Establishment and management of records of treatment activities

 

13. Risk analysis of the treatments performed

 

14. Implementation of data protection measures from the design and protection of data by default appropriate to the risks and nature of the treatments

 

15. Implementation of security measures appropriate to the risks and nature of the treatments

 

16. Establishment of procedures for managing data security breaches, including risk assessment for the rights and freedoms of those affected and notification procedures for supervisory authorities and those affected

 

17. Determination of the need to conduct impact evaluations on data protection

 

18. Carrying out impact evaluations on data protection

 

19. Relations with supervisory authorities

 

 

20. Implementation of training and awareness programs for personnel on data protection.