What does a Privacy Officer do?
A Privacy Officer has several duties:
- Drafting and implementing privacy policies, processor agreements, retention periods, processing records and procedures.
- Making the internal organization aware of privacy laws and regulations, such as the AVG, GDPR, Telecommunications Act and e-Privacy Regulation.
- Handling data breaches.
- Drafting and updating the privacy policy.
- Monitoring that processes, marketing campaigns, landing pages and promotional terms comply with privacy laws and regulations.
- Maintaining contact with the Personal Data Authority (AP).
- Conducting Data Protection Impact Assessments (DPIAs).
- Training and supporting an internal privacy officer.
The additional duties of a Privacy Officer in healthcare
A Privacy Officer in healthcare has some additional duties, because this sector processes special categories of personal data, to which stricter conditions apply:
- Establishing the Information Security Management Forum (IBMF), which is mandatory for healthcare organizations.
- Monitoring the Electronic Patient Record (EHR).
The role of a Privacy Officer as an AVG expert
In SMEs, an IT employee is often assigned the position of Privacy Officer. However, this person frequently lacks the necessary knowledge and experience. Organizations therefore increasingly choose an external specialist to fill the role of Privacy Officer, bringing all the necessary knowledge and expertise in-house from as little as 4 hours per week.
For example, our Storm van Wissen works 8 hours a week as a Privacy Officer at the RIBW:
"At the RIBW, I oversee the privacy of clients and employees. In addition, I make sure they are always compliant with AVG and other legislation."
Is a Privacy Officer mandatory?
According to Article 37 of the AVG, appointing a Data Protection Officer (a task that also falls to a Privacy Officer) is mandatory for:
- Public organizations and government agencies (courts excluded).
- Organizations that process a lot of special personal data (such as data on health, religion or ethnicity).
- Organizations that monitor many individuals, for example companies in the security industry or companies that build extensive personal profiles.
Side note: this must be the core business of the organization. Merely collecting data on website usage does not make it mandatory to employ a Privacy Officer.
Privacy Officer vs Data Protection Officer (DPO)
The Data Protection Officer (DPO) is better known in the Netherlands as the Functionaris Gegevensbescherming (FG). This is the person who supervises the application of and compliance with the AVG. Characteristic of the FG is that the role must be independent within the organization while also having direct lines to the board. The PO, by contrast, is responsible for drafting and implementing the policy and can support the DPO/FG by acting as the point of contact for privacy questions within the organization.
Privacy Officer vs. Security Officer
Whereas the Privacy Officer focuses on data protection and privacy, the Security Officer focuses on securing information and systems against threats and breaches. In short, the PO is responsible for protecting special personal data and for the privacy policy, and the SO for securing systems.
Is protecting personal data an important issue for your organization? Check out our Privacy Officer service and other Interim Specialisms and get all the knowledge and expertise you need, from as little as 4 hours per week.