The Difference Between a Compliance Officer and a Data Protection Officer

Introduction: GDPR

With the introduction of GDPR (General Data Protection Regulation), the European Union’s latest data privacy act, organizations across the globe must meet compliance requirements. GDPR is changing the way companies handle customer data.

The new legislation was created to standardize data protection regulations across all 28 countries in the EU. It also gives consumers a great level of control over their personal data. GDPR ushers in a new era: for the first time, digital privacy will be legally enforced. The regulations went into effect on May 25th, 2018.

There are many essential aspects of the regulation. Companies will be held accountable for any breach of privacy, with large fines possible. To comply, organizations need to make changes to their websites and opt-in policies. The impact on business is significant and is changing the way companies collect, store and use customer data.

GDPR applies to all organizations holding and processing EU residents’ personal data, which means the company doesn’t have to be in the EU in order to be affected. Organizations outside the EU must adhere to these requirements as well.

The GDPR also adds another layer to a company’s information security practices. Many will need to hire people to fill a new role, the Data Protection Officer (DPO). Most companies already have a compliance officer, so how will the DPO differ from this current role?

First, let’s look at the role of the DPO.

What Is a Data Protection Officer (DPO)?

A DPO has the formal responsibility for data protection compliance within a company. In certain countries, including Germany, the DPO has become a legal obligation; however, not every company will require a DPO. GDPR defines three different types of organizations that must appoint a DPO:

  • Public entities
  • Companies with large-scale systematic monitoring of individuals
  • Companies (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Beth Osborne. Read the original post at: