Highway11– Web Development & E-Commerce Specialists

All you need to know about Data Protection Officers

15 May 2018   Privacy   |   Policy   
With the new regulation on Personal Data Protection, companies processing personal data will have to employ a new agent in their businesses.

Data Protection Officers will be in charge of guiding companies on how best to comply with the new regulation. Not every company needs a DPO, but if yours is affected, you will need to understand this role and what it means for your business.

Does my company need to appoint a Data Protection Officer?

Yes, if you are a public organisation or a company that processes a large amount of personal data.

Who is the DPO?

He/She is the "pilot" of data protection within a company, and ensures its compliance with the GDPR. His/Her missions are to inform, advise, guide and control the processing of personal data. In order to do so, the organisation appointing him/her must provide organisational or technical means.

Who must designate the DPO?

The DPO should be designated by the controller and the processor. Basically, the controller is the person or organisation that decides how personal data is processed in the organisation. The processor is the agent that makes it happen.

Is the Data Protection Officer liable?

Although the DPO is in charge of making sure the company is complying with the law, he/she is not personally responsible in case of non-compliance with the GDPR. Furthermore, the controller and processor cannot dismiss or sanction him/her for working on his/her missions. Like other employees, DPOs can be liable in case of tort or breach of civil law, criminal law, or domestic law in general.

All companies will be responsible for implementing and demonstrating that the proper technical and organisational measures are carried out.

What does it mean for your business?

There is no report anymore; the idea is to give companies self-control over the use of personal data.

General obligation of securing data

Your company, through its controllers and processors, will have to ensure maximum security with measures such as encryption and regular security testing.

Security breach notification

In case of a breach of security, the data processor will have to notify data controllers, who will later have to report it to the supervisory authority. If this breach concerns customer data, the relevant parties will have to be informed about it.

What does this new agent mean for your company?

The Data Protection Officer might be a key player in your company and should be carefully chosen, as he/she will become an investment in terms of time and money. Indeed, you will have to provide him/her with all the means needed to accomplish his/her mission, by giving him/her access to all services processing personal data and putting him/her in a position to avoid conflicts of interest.

Looking at the obligations and qualifications required of him/her, it's very likely that you will need to designate someone from outside your company. We recommend having a good look at the DPO's role and missions, and sharing them with your employees, in order to ensure the best collaboration possible.