
What does a Privacy Officer do?

The Privacy Officer is responsible for protecting special personal data. In this article, you will read all about the duties and responsibilities of the Privacy Officer, when a Privacy Officer is required, and how the Privacy Officer relates to the AVG (General Data Protection Regulation) and the functions of DPO (Data Privacy Officer) and Security Officer.
This article was last updated on 14/5/2024.

What does a Privacy Officer do?

A Privacy Officer has several duties:

  • Drafting and implementing privacy policies, processor agreements, retention periods, processing records and procedures.
  • Making the internal organization aware of privacy laws and regulations, such as the AVG, GDPR, Telecommunications Act and e-Privacy Regulation.
  • Handling data breaches.
  • Drafting and updating the privacy policy.
  • Monitoring that processes, marketing campaigns, landing pages and promotional terms comply with privacy laws and regulations.
  • Maintaining contact with the Personal Data Authority (AP).
  • Conducting Data Protection Impact Assessments (DPIAs).
  • Training and supporting an internal privacy officer.

The additional duties of a Privacy Officer in healthcare

A Privacy Officer in healthcare has some additional duties, because special personal data are processed in this sector and stricter conditions apply to such processing:

  • Establishing the Information Security Management Forum (IBMF), which is mandatory for healthcare organizations.
  • Monitoring the Electronic Patient Record (EHR).

The role of a Privacy Officer as an AVG expert

In SMEs, an IT employee is often assigned the position of Privacy Officer. However, this person frequently lacks the necessary knowledge and experience. Organizations therefore increasingly choose an external specialist to fill the role of Privacy Officer, bringing all the necessary knowledge and expertise in-house from as little as 4 hours per week.

For example, our Storm van Wissen works 8 hours a week as a Privacy Officer at the RIBW:

"At the RIBW, I oversee the privacy of clients and employees. In addition, I make sure they are always compliant with AVG and other legislation."

Is a Privacy Officer mandatory?

According to Article 37 of the AVG, the appointment of a Data Protection Officer (a role also performed by a Privacy Officer) is mandatory for:

  • Public organizations and government agencies (courts excluded).
  • Organizations that process a lot of special personal data (such as data on health, religion or ethnicity).
  • Organizations that observe many individuals, for example companies in the security industry or companies that create extensive person profiles.

Side note: This must be the core business of the organization. Just collecting data on website usage does not mean it is mandatory to employ a Privacy Officer.

Privacy Officer vs Data Privacy Officer (DPO)

The Data Privacy Officer (DPO) is better known as the Data Protection Officer (FG). This is the person who oversees the application of and compliance with the AVG. Typically, the FG should have an independent role within the organization, while also having direct lines of communication with the board. By contrast, the PO is responsible for drafting and implementing policy and can support the DPO/FG by acting as the point of contact for privacy issues within the organization.

Privacy Officer vs. Security Officer

Whereas the Privacy Officer focuses on data protection and privacy, the Security Officer focuses on securing information and systems against threats and breaches. In short, the PO is responsible for protecting special personal data and for the privacy policies, and the SO for securing the systems.

Is protecting personal data an important issue for your organization? Check out our Privacy Officer service and our other Interim Specialisms and get all the knowledge and expertise you need, from as little as 4 hours per week.

Tim Smit
Information Security Consultant