Certified Data Protection Officer

What is a certified data protection officer

A Data Protection Officer helps you monitor internal compliance, informs and advises you on your data protection obligations, provides advice on Data Protection Impact Assessments (DPIAs) and acts as a contact point for data subjects and the Information Commissioner's Office (ICO).

What does a Data Protection Officer (DPO) do

The primary role of the data protection officer (DPO) is to ensure that the organisation processes the personal data of its staff, customers, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.

Why do you need a Data Protection Officer

In May 2018 the General Data Protection Regulation (GDPR) came into force. The GDPR aims to give natural persons back control over their personal data by imposing updated rules on how that personal data is collected and managed. Companies, public authorities and social-profit organisations that do not comply with these rules after May 2018 can face significant sanctions from the data protection authority, or simply the 'GBA' (formerly the privacy committee).

When must a data protection officer be appointed

Both controllers and processors must appoint a data protection officer if:

  • They are a public authority
  • Their core activities consist of regular and systematic monitoring of data subjects on a large scale
  • Their core activities consist of processing special category personal data on a large scale (including processing information about criminal offences)

What are the 5 key responsibilities of a data protection officer

  • Uphold data protection laws and practices
  • Monitor compliance
  • Support business operations and data handling
  • Notify teams and authorities of data breaches
  • Foster a security-aware culture

What are examples of data protection

  • Be informed about how your data is being used
  • Access your personal data
  • Have incorrect data updated
  • Have data erased
  • Stop or restrict the processing of your data
  • Data portability (allowing you to get and reuse your data for different services)

Is there a general accountability obligation

The GDPR adds a new general accountability obligation under which you must not only comply with these new rules, but also be able to demonstrate you comply with them. This means ensuring suitable policies are in place supported by audit and training.

What are the GDPR Fines

The GDPR is intended to make data protection a boardroom issue. It introduces an antitrust-type sanction regime with fines of up to 4% of annual worldwide turnover or €20m, whichever is the greater. These fines apply to breaches of many of the provisions of the GDPR, including failure to comply with the six general data quality principles or carrying out processing without satisfying a condition for processing personal data.

A limited number of breaches fall into a lower tier and so are subject to fines of up to 2% of annual worldwide turnover or €10m, whichever is the greater. Failing to notify a personal data breach or failing to put an adequate contract in place with a processor fall into this lower tier.