The Data Protection Officer

Mars 5, 2018

The DPO works across business departments to inform employees of their obligation to comply with GDPR and other data protection laws.

The DPO is also for monitoring compliance, providing training and internal audits, and advising on data protection risk impact assessments, and needs to have a good understanding of cyber security. Finally, the DPO should have a perfect knowledge of the business context, especially if it is already deeply regulated (e.g. clinical research, pharmaceutical manufacturing, …)

This DPO is the single point of contact for the regulatory authorities for enquiries on data protection, including reporting a security breach to the authority. Oh yes, the DPO needs to understand your sector and communicate well. All this said, hiring a DPO does not change the controller’s full responsibility for compliance; there is no risk sharing in the outsourcing of the DPO role. Doing this, you will gain in transparency regarding the independence and the activities of this key DP role.

Xavier Gobert