With GDPR now in effect, companies will need to ensure ongoing compliance, which may include appointing a data protection officer (DPO). In the United States and Europe alone, that translates to an estimated 28,000 new DPOs needed, according to the International Association of Privacy Professionals (IAPP). But what is a DPO and how does this role differ from existing roles dedicated to privacy and security? Who is best suited for this position, and where does it “fit” within a company’s structure?
What Is the Role of the DPO?
The most important duty of a DPO is to help the company understand how GDPR relates to the company’s business and to ensure that this knowledge is adequately transferred to company management and employees. While the DPO will observe, evaluate risk, and advise the company on how to correct issues and ensure compliance, he or she will not make those decisions for the company.
A typical scenario that would require the DPO’s expertise would be finding out whether a certain action — such as targeting consumers for a digital advertising campaign — would be in compliance under GDPR. The DPO would then conduct an independent assessment, reviewing GDPR requirements and standard approaches to privacy in this kind of situation. He or she would also consult guiding information published by privacy working groups in the EU or by data protection authorities. Based on this information, the DPO would advise whether the current data processing scenario is sufficient, or whether there’s cause for concern and a need to change the current process.