The General Data Protection Regulation (GDPR) is a
regulation in EU law on data protection and privacy in the European
Union (EU) and the European Economic Area (EEA). It also addresses the
transfer of personal data outside the EU and EEA areas. The GDPR's
primary aim is to give control to individuals over their personal data
and to simplify the regulatory environment for international business by
unifying the regulation within the EU.
What you should know about the Data Protection Officer
The primary role of the Data Protection Officer (DPO)
is to ensure that her organisation processes the personal data of its
staff, customers, providers or any other individuals (also referred to
as data subjects) in compliance with the applicable data protection
rules. In the EU institutions and bodies, the applicable Data Protection
Regulation (Regulation (EU) 2018/1725) obliges them each to appoint a
DPO. Regulation (EU) 2016/679, which obliges some organisations in EU
countries to appoint a DPO, will be applicable as of 25 May 2018.
Appointing a DPO
The appointment of a DPO must of course be based on her personal and
professional qualities, but particular attention must be paid to her
expert knowledge of data protection. A good understanding of the way the
organisation operates is also recommended.
We offer services such as GDPR Audit, GDPR Implementation and Consultancy, and DPO-AS-A-SERVICE.