Data Protection Officers, or DPOs, are data protection professionals that are mandated by the recently-enacted General Data Protection Regulation (GDPR) in the European Union. This article will detail who needs to hire DPOs, the responsibilities of DPOs and management guidelines for DPOs. Even though GDPR is an EU regulation, the nature of data is truly worldwide and the effects of GDPR will reach organizations and entities beyond the borders of the EU.
Who Needs to Hire Data Protection Officers?
The text of the GDPR lays out which businesses and organizations are required to hire a DPO. Organizations need to hire a DPO if:
- More than 250 employees are in the organization
- Data processing is on a large scale — this means that the data that is collected, stored, processed or used affects a large population of people
- Data processing is conducted by a public body or authority
- Sensitive data is processed, including health, geolocation, trade union membership, genetic information, sexual orientation or data relating to children
- Data relating to criminal offenses is processed
- You track and monitor data systematically
- You systematically process and monitor data that includes Internet traffic, visitors, IP addresses and so on
In practice, this applies to social media companies, companies that offer software-as-a-service (SaaS), health care service companies, educational institutions and generally any company that processes large amounts of personal data. As you can see, many medium- to large-sized organizations will have to hire a DPO to meet compliance with GDPR.
Responsibilities of Data Protection Officers
To better understand how to manage DPOs, it is important to first know what the various responsibilities of the role are. Below is a list of the most important responsibilities that management must hold their DPOs to:
- Ensure that data subjects and controllers are (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/c0Kkxfv7MNc/