Data protection officer - who it is and what will be its task

Data protection officer - who it is and what will be its task

As of 25 May 2018, a new European Commission regulation, which regulates the obligations of companies in collecting and processing consumers' personal data, came into force in the European Union. The GDPR Regulation has prepared a number of changes that an enterprise must implement as part of its processes by that date. One of them is the creation of a new job position called DPO - Data Protection Officer.

In the process of implementing measures, the DPO is the person who will oversee all processes related to the collection and processing of personal data. The world labor market predicts that 20 to 30 thousand jobs will be created in this position since the introduction of the measures. In the labor market, the demand for DPOs will thus increase significantly and will be a truly lucrative job.

Who is DPO and what are its tasks?

As mentioned above, the position of DPO in the company will be responsible for the collection, monitoring and processing of personal data. However, the DPO becomes the employee who bears full responsibility for eventual leakage or non-compliance with the rules set out in the new GDPR.

The competencies that fall under the Data Protection Officer are truly broad-spectrum. Monitoring all processes, but also legislation, is the most important function. It also provides information to clients who receive the right to a wealth of information under the new regulation. Similarly, the Data Protection Officer is a person who communicates with the Office for Personal Data Protection. It is also the task of the DPO to train employees who work with or collect personal data directly.

Companies that have to engage DPO

Under the new GDPR, an enterprise must fill this job position if:

• the processing is carried out by a public authority or a public body,
• the main processing operations of the controller or intermediary are manipulation of the 'large content' of the personal data of the data subjects,
• the main activity of a company or intermediary is the processing of data relating to the recognition of guilt for crimes and offenses.

For many businesses, the concept of large content of personal data is ambiguous. In particular, GDPR does not define the term itself, but so-called methodological guidelines are issued to GDPR, which determine the large content. This is both the amount of data and the number of items. The length of the archiving of personal data (to be determined) is also considered a large scope. So what can we consider a large scale?

• Processing of patient data in hospitals.
• Processing and registration of persons using data, such as transport companies.
• Processing location data within a specific application.

And many other cases, which also concern Internet service providers and applications (Facebook, Instagram, Google, YouTube...).

Qualitative features of DPO employee

It may be quite difficult to fill a DPO job position initially. This is indeed a great responsibility, and the threat of sanctions that threatens to fail to comply with the GDPR is a real deterrent.

It is therefore ideal to turn to a person who has been in the field of information technology, and more specifically in the field of cyber security. However, it is also necessary to understand the legislation and process management of this sector. Logically, in such a position, it is necessary for the person to possess responsibility, moral integrity and professionalism. The leakage of private information can be of liquidative nature especially for the company. This job does not have to be automatically held by a company employee. It may also be an external employee who, on the basis of a contract, takes care of all the elements associated with the protection of personal data. Trust in such a person is important and the business must be sure that the information will not be disseminated or passed on to others.