DataLaws DPO as a Service
Now that the General Data Protection Regulation (GDPR) has come into effect, many organisations are required to appoint a Data Protection Officer (DPO).
Article 37 of the GDPR makes it mandatory to appoint a DPO for all public authorities and for other organisations where the core activities of the controller or the processor involve “regular and systematic monitoring of data subjects on a large scale” or where the entity conducts large-scale processing of “special categories of personal data”.
The role of the DPO involves many complex and diverse tasks, and it is recognised that the talent pool for this role is scarce. This makes the task of employing a suitable DPO challenging, time-consuming and expensive.
The GDPR outlines the following tasks a DPO is expected to perform as part of their role:
- Serving as a point of contact for data subjects and supervisory authorities
- Raising awareness within the organisation of data processing requirements under the GDPR and other relevant and applicable data protection and privacy laws
- Monitoring the organisation’s compliance with the GDPR
- Monitoring data privacy risks arising from the organisation’s activities
- Ensuring staff are trained and aware of data processing requirements
- Conducting data protection and privacy impact assessments (DPIA)
- Maintaining records of processing (RoDP)
- Undertaking data security and processing audits