Introduction to the General Data Protection Regulation
The General Data Protection Regulation (GDPR) governs how the personal data of EU citizens can be collected, transmitted, processed and stored inside and outside of the EU. GDPR went into effect on May 25th, 2018. As part of GDPR, the role of Data Protection Officer (DPO) has become very significant in organizations processing EU citizens’ personal data.
A Data Protection Officer is the person in charge of ensuring organizational compliance with the data protection regulations outlined in GDPR. In this article, we’ll discuss the responsibilities, role requirements and duties of a DPO as well as when an organization is required to appoint one.
Responsibilities of a Data Protection Officer
Article 39 of the General Data Protection Regulation defines the minimum necessary duties of a Data Protection Officer. These include the following:
- Inform and advise data processors, controllers and other affected employees about their obligations under GDPR and other EU Member State data protection regulations
- Monitor compliance with GDPR, other data protection regulations and the organization’s own policies, including assigning related responsibilities, raising awareness, training staff and performing audits
- Provide advice on the data protection impact assessment (defined in Article 35 of GDPR) and monitor how it is performed
- Cooperate with the supervisory authority
- Act as the point of contact between the organization and supervisory authority
The position of the Data Protection Officer is also protected under the General Data Protection Regulation. GDPR gives organizations the following specific instructions regarding the DPO (Article 38):
- Data Protection Officers should receive no instructions about how to perform their duties
- The Data Protection Officer cannot be fired or penalized for performing their duties
- The Data Protection Officer reports to the highest level of management of the data processor or controller
While a Data Protection Officer is tasked with monitoring how an organization (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/A_OjHBZP2rA/