What are the duties of a Data Protection Officer?

A Data Protection Officer has various tasks:

• Informing and advising:
  The DPO collects information about data processing within an organization, analyzes these processing operations to assess whether they comply with the AVG, and provides advice and recommendations to the organization.
  ‍
• Internal supervision:
  The DPO supervises internal compliance with the GDPR and other relevant privacy laws, such as European laws and regulations.
  ‍
• Advising on DPIA:
  The DPO advises on carrying out a Data Protection Impact Assessment (DPIA), a process for determining and assessing the privacy risks of data processing.
  ‍
• Collaborating with the Data Protection Authority (AP):
  The DPO collaborates with the Data Protection Authority (AP) and is the contact person for matters such as checks and reports.

When is a Data Protection Officer mandatory?

A DPO must be registered with the AP. This way, the AP knows who to go to for matters about the AVG. Based on Article 37 of the GDPR, it is mandatory to appoint a DPO in the following cases:
‍

1. Governments and public organizations
   All government agencies and public organizations, including national governments, municipalities and educational institutions, are required to appoint a DPO. It doesn't matter what their core activities are or the type of personal data they process.
   ‍
2. Regular observation on a large scale
   When an organization's core activity regularly observes individuals on a large scale. Examples include making risk assessments, video surveillance, using staff monitoring systems and monitoring someone's health via wearable devices (wearables).
   
   Determining whether this is considered a core activity depends on the number of people that an organization follows, the amount of data that organization processes, and how long the organization follows people.
   ‍
3. Processing a lot of special personal data
   When an organization processes a lot of special personal data, it is mandatory to appoint a DPO. Think of medical data at hospitals or criminal data at courts.

Data Protection Officer in your organization

The DPO must be able to work independently in your organization. In addition, the DPO must have enough time and resources for his work. Consider the following things a DPO needs:

‍

• Active support from management
• Easy access to the DPO for all employees without third party intervention
• Sufficient time to complete tasks
• Practical support (budget, facilities, staff)
• Clear communication to staff about the presence of the DPO
• Training to stay up to date with the rules

‍

At A-Vision, our Storm van Wissen gets plenty of space and works 4 hours a week as Data Protection Officer:”As a DPO at A-VISION, my mission is to ensure the privacy of customers, employees and stakeholders. As an external DPO, I have more distance from the organization and I best guarantee objectivity and impartiality.”

We can help

Does the processing of personal data play an important role within your organization? Check out our Data Protection Officer service and other Interim Specialty. Get all the knowledge and expertise from as little as 4 hours a week.

‍