Data Protection Officer (DPO)
The General Data Protection Regulation (GDPR) makes it compulsory for organizations, under certain circumstances, to appoint a data protection officer (DPO).
The primary role of the Data Protection Officer (DPO) is to ensure that the firm processes the personal data of its staff, customers, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.
The DPO shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection legislation and practices and the ability to fulfill the tasks and responsibilities of DPO.
The DPO is responsible for monitoring compliance within an organisation with the Regulation (EU) 2016/679, national GDPR legislation and any other guidelines, recommendations and best practices issued from time to time by the relevant European body, the European Data Protection Board and relevant national competent authority. The DPO can act also as an advisor in issues related to the processing of personal data.
The EU Regulation 2016/679 provides that non-designation of a DPO in mandatory cases may lead to the application of a fine of up to EUR 10 million or up to 2 % of the total worldwide annual turnover of the preceding financial year.
Our Company can be your firm’s external DPO as per the relevant provisions of the GDPR regulation and we can offer the following services (the list is not exhaustive):
• To inform and advise your firm and its employees who carry out processing of their obligations pursuant to the Regulation (EU) 2016/679 and to other Union or Member State data protection provisions.
• To monitor compliance of your firm with the Regulation (EU) 2016/679, with other Union or Member State data protection provisions and with the policies of the firm in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations.
• To provide advice where requested as regards the Data Protection Impact Assessment (DPIA) and monitor its performance pursuant to Article 35 of the Regulation (EU) 2016/679.
• To cooperate with the Supervisory Authority.
• To act as the contact point for the Supervisory Authority on issues relating to processing.
• Prepare:
• Record of Processing Activities
• Data Protection Impact Assessment
• Personal Data Protection Policy
• Privacy Policy Notice (Website)