Basic GDPR terminology: data controller and data protection officer
In the basic terminology section, we briefly and clearly explain the basic terms of the GDPR.
The European Data Protection Regulation (GDPR) is a new regulation that will come into force on 25 May 2018. Private companies and public authorities (data controllers) will have to establish the position of data protection officer.
Data controller - any entity that processes, collects and stores personal data of its employees, clients or other persons. The controller is responsible for processing personal data, for which it must have a legal basis, for complying with its obligations under the GDPR, and for properly securing personal data against leakage. The controller must apply data protection by design, appoint a DPO (only some controllers), and report breaches or leaks of personal data to the Data Protection Authority and to the individuals to whom the data relates.
Data Protection Officer (DPO) - monitors the compliance of personal data processing with the requirements of the GDPR, conducts internal audits and staff training, and manages the internal data protection agenda overall. The DPO also informs, advises and makes recommendations to the controller or processor. The controller appoints the DPO on the basis of his/her professional qualities, in particular his/her knowledge of the law. The controller shall provide the DPO with resources to maintain his or her knowledge.
Who must appoint the DPO and in what cases?
- If the controller or processor of personal data is a public authority or public body
- If the core business of the controller or processor requires extensive, regular and systematic monitoring of personal data subjects
- Where the main activities of the controller or processor consist of large-scale processing of special categories of data or personal data relating to criminal convictions and offences
DPO as a service
It is up to companies whether they choose to handle the DPO function internally or externally. If they choose in-house staff, they must ensure that the staff are sufficiently qualified. The advantages of outsourcing lie in the financial savings, and the external DPO will already be trained. By choosing an external DPO, companies also eliminate the complexity of finding a suitable employee.
The DPO must work closely with the Data Protection Authority, which is the official representative and guarantor of compliance with the new European GDPR regulation.
If you are interested in DPO outsourcing options or any other information, please contact us. We will be happy to advise and address your needs and questions individually.