DPO: Data Protection Officer
The European Regulation 2016/679 related to the natural persons protection regarding personal data processing and their free circulation, which will enter into force on May 25th 2018, introduces –among the key figures- The Data Protection officer “DPO”.
The DPO must necessarily be designated in the following cases:
– When the data processing activities are carried out by a public authority or by a public body (except for judicial authorities on duty);
– When the data processing consists of and requires regular and systematic monitoring of the concerned individuals on a large scale;
– When the data processing concerns, on a large scale, sensitive data relating to criminal convictions and offenses.
The DPO who is appointed by the Data Controller or by the Data Processor, must perform their tasks independently and report their activities directly to the company top managers. Their appointment must not be object of conflicts of interest.
The main assigned responsibilities to the DPO are:
– Provides advice to the Data Processor or to the Data Controller on obligations referred to in the 2016/679 Regulation.
– Monitors the compliance with the Regulation
– Acts as a contact point for the concerned parties to exercising their rights
– Cooperates with the Personal Data Protection Authority.
The DPO can be a Data Controller or Data Processer’s employee, or can be even be an external contractor carrying out their tasks on a service contract basis.
AGM Solutions offers consulting services to assist companies in adapting the 2016/679 European Regulation and has available professionals specialized in law who can cover the role of the Data Protection Officer.