We live in a data-driven world, and as a result more roles within the enterprise are centered on processing and working with data in regulated ways. With roles like the Chief Data Officer (CDO) and Data Engineer becoming more and more prevalent in the workplace, we at CluedIn are helping customers work through the potential data processing issues they will face under the latest data regulations in the EU.
Introducing the newest of the data roles: the Data Protection Officer (DPO). This role will soon be required at companies where the processing of data is carried out by a public authority (except for courts or independent judicial authorities acting in their judicial capacity) or where, in the private sector, processing is carried out by a controller whose core activities consist of processing operations that require regular and systematic monitoring of the data subjects. In these cases, a person with expert knowledge of data protection law and practices should assist the controller or processor in monitoring internal compliance with this Regulation.
The DPO is similar to, but not the same as, a Compliance Officer and, to some degree, the CIO, as the DPO is also expected to be proficient at managing IT processes, data security (including dealing with cyber-attacks) and other critical business continuity issues around the holding and processing of personal and sensitive data.
The function and role of a Data Protection Officer include, but are not limited to:
- Educating the company and employees on important compliance requirements
- Training staff involved in data processing
- Conducting audits to ensure compliance and address potential issues proactively
- Serving as the point of contact between the company and GDPR Supervisory Authorities
- Monitoring performance and providing advice on the impact of data protection efforts
- Maintaining comprehensive records of all data processing activities conducted by the company, including the purpose of all processing activities, which must be made public on request
- Interfacing with data subjects to inform them about how their data is being used, their rights to have their personal data erased, and what measures the company has put in place to protect their personal information
The GDPR does not include a specific list of DPO credentials, but does require a data protection officer to have “expert knowledge of data protection law and practices.” The Regulation also specifies that the DPO’s expertise should align with the organization’s data processing operations and the level of data protection required for the personal data processed by data controllers and data processors.
We are very excited to announce the on-boarding of our CluedIn Data Protection Officer, Anders Borum, and to make him available to all our current and upcoming customers for general advice and consultancy. You can book your sessions with Anders now at https://calendly.com/cluedin/gdpr to see whether you comply and what could be done to help you comply with these rules, which come into effect on the 1st of May 2018.