In May of 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. This wide-reaching law touches any company, no matter what size or type, as long as it processes the personal data of EU citizens or does business within the EU. The GDPR sets out a series of requirements that dictate how a business should process personal data from customers, clients, employees, contractors and more. (A previous article explains how the GDPR impacts data collection practices.)
As part of the original remit of the GDPR, there was a provision to employ a Data Protection Officer, or DPO. In this article, we will address some of the main questions around the use of a DPO and look at what benefits a DPO can offer your business.
What Does a Data Protection Officer (DPO) Do?
Your DPO is your data privacy expert. They must be competent and experienced enough to understand the nuances of the GDPR and give advice on how to accommodate the requirements of the law. They should also be able to monitor your internal compliance strategy and process.
One of the most useful aspects of going through GDPR compliance is carrying out a Data Protection Impact Assessment (DPIA), and a DPO will be able to give advice on carrying one out. Another aspect of the DPO’s job is to act as a contact point between data subjects and the supervisory authority, an independent body which oversees the implementation of the GDPR.
For more information, you can also see Article 51 of the GDPR.
What Is a Data Protection Impact Assessment (DPIA)?
A Data Protection Impact Assessment, or DPIA, is a method of carrying out a risk analysis of the uses of personal data in an organization. It is
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/q8yaeVp94lM/