A Data Protection Officer is a position or role within an organisation. The Data Protection Officer oversees the processing of personal and privacy-sensitive information. When the General Data Protection Regulation (GDPR) comes into force in May 2018, many companies will be obliged to have appointed a Data Protection Officer.
The Data Protection Officer’s tasks include advising organisations on how to comply with the General Data Protection Regulation, employee training, and conducting internal audits. The Data Protection Officer also acts as the contact person for the supervisory authority and for the individuals to whom the data relates.
Except for certain (small) companies, the Data Protection Officer will keep a register of all organisational processes that involve personal data processing. This register, which should also contain information about the purpose and conditions of the processes, may be made available to the supervisory authority.
These conditions mean that companies processing personal data are not obliged to appoint Data Protection Officers if these processes are not part of their core business. In that case, the company must prove that these processes are not directly related to the organisation’s core business.
There are no specific requirements. The Officer should be an ‘expert in the field of data protection legislation.’ Therefore, the Officer should have extensive experience in the areas of privacy protection, data security, and business processes, and be well-informed about the relevant aspects of the organisation.
The Data Protection Officer could be an existing employee, but there should not be a conflict of interest between the two roles of the employee. For example, a Data Controller cannot be appointed as a Data Protection Officer because he is already responsible for many data processing operations.
The new European legislation allows the appointment of outside professionals. This is an excellent solution for SMEs and organisations with little in-house knowledge about data security. This role can be fulfilled by a privacy lawyer.
A lot depends on what is already in place at your company. You should at least:
This article was published in the Online Payments and Ecommerce Market Guide 2016, an online report by The Paypers.