Data Protection Officer Guideline – How to Organise the Data Protection Officer role?

CYBER SECURITY EXECUTIVE

PARTNERSHIPS

Tuija Taivainen
+358 40 530 1351
tuija.taivainen@bignordic.com

VENUE: KATTILAHALLI,

Sörnäisten rantatie 22,

00101 Helsinki​, Finland

LIPUT

Yasmin Kallava

+358 504 707 702

yasmin.kallava@bignordic.com

INTERNATIONAL PARTICIPANTS & ACCREDITATION

customercare@bignordic.com

Business Insight Group

Kalevankatu 31, 00100 Helsinki
www.bignordic.com

Subscribe our newsletter and we'll inform you about upcoming B2B conferences most suitable for your profession and interests.
 

All new subscribers will receive a 20% discount voucher that can be used for participation tickets!

Data Protection Officer Guideline – How to Organise the Data Protection Officer role?

 

Data Protection Officer Guideline – How to Organise the Data Protection Officer role?

 

There has been a lot of buzz around the subject of Data Protection Officer recently, which is why we decided to put together a Data Protection Officer guideline. The GDPR gives organisations the choice on how to staff the Data Protection Officer (DPO) role. DPO can be a staff member of the controller or processor. The GDPR also allows for the use of external service providers. The role of a DPO can therefore be fulfilled based on a service contract.

In practice this often means that an organisation that has decided to appoint a DPO has three options:

  1. Hire a DPO under an employment contract

  2. Train an existing staff member to serve as a DPO

  3. Acquire a DPO from an external service provider

So which option is a suitable one for your organisation? In this Data Protection Officer guideline, we have drawn up a list of important factors that should be considered when deciding on how to organise the role of a DPO.

 

 

5 Things to Consider with a Data Protection Officer

When considering options to organise DPO’s role, remember to take these five aspects into consideration:

  1. DPO’s expertise and qualifications

  2. Organisational goals for a DPO

  3. DPO’s industrial and organisational insights

  4. DPO’s ability to implement data protection practices

  5. Costs related to appointing a DPO

First thing you want to consider is whether the DPO has the fitting background and abilities to perform DPO tasks. DPO should preferably be an experienced data protection professional. A qualified DPO enables your organisation to avoid major risks and unlock added value of data protection, e.g. building trust and increasing operational efficiency.

 

Interpretations on DPO’s role in organisations vary a lot. The GDPR highlights the role of a neutral observer that focuses on monitoring that data processing activities don’t cause unnecessary risks to data subjects. Therefore, a DPO wouldn’t engage in driving compliance and leading operative actions. However, often the situation in reality is quite the opposite. DPO frequently coordinates data protection procedures and drives compliance, while at the same time controlling and managing for risky data processing activities. Despite of this controversy, it is vital to minimise DPO’s conflict of interest.

 

DPO can be closely involved in organisation’s daily operations. You should aim to acquire a DPO that is familiar with special requirements set by the business environment. At very least, this means being aware of industry-specific legislation. Your DPO will have a far better chance of succeeding when there’s a sufficient understanding of organisational characteristics.

 

DPO can enable structured coordination of data protection activities. Hence, a DPO is in a key role when implementing data protection practices through-out the organisation. Only when these practices become a daily routine in each function can we start reaping the added value of data protection.

 

Whether you decide to hire a DPO, train one or acquire an external service provider for the purpose, some costs are to be expected. You should consider the benefits this yields when picking the best option for your organisation. Acquiring an experienced service provider can produce some significant cost savings in comparison to hiring a new person for the role.

In the end your organisation should have a some-what clear picture whether you need a DPO or not before anything else. To learn more about this, see our article about appointing a DPO here. Once deciding on your DPO need, you should have a comprehensive picture of what you want to achieve with the DPO. Only then can you rationally weigh the pros and cons of different options of organising the role of a DPO.

 

 

Privaon’s Data Protection Officer services

 

 

Outsourcing the DPO is an effective way to organise and manage data protection issues, which benefits the organisation in a variety of ways. Privaon’s service portfolio includes a fully outsourced DPO (DPO as a Service), whereby the data protection resources can be flexibly dimensioned to meet unique organisational needs and data protection risks. If your organisation has already appointed a DPO, Privaon can offer additional external resources (DPO Support) for the internal DPO by providing expertise whenever necessary.

 

 

The Privaon DPO service:

  • provides a dedicated customer team supporting with data protection issues and performing DPO duties

  • enables the organisation to focus on its core business while having professional support for decision-making related to the processing of personal data

  • mitigates the risk of conflict of interest, because an outsourced DPO is genuinely objective (free from constraints) in advising the organisation

To learn more about Privaon’s DPO-services, visit DPO as a Service page.

 

Hopefully you found this Data Protection Officer guideline useful. If you would like to learn more, please contact us!

 

Writer

Ville Silvola, Marketing Specialist
ville.silvola@privaon.com
www.privaon.com

 

 

Share on Facebook
Share on Twitter
Please reload

Featured Posts

Katse tietoliikenneverkkojen kyberuhkiin – miten voimme suojautua?

June 4, 2019

1/10
Please reload

Recent Posts
Please reload

Archive