The appointment of a Data Protection Officer (DPO), whether internal or external, is an obligation instituted by the General Data Protection Regulation (GDPR) for all public or private entities that are required to collect, store and/or process the personal data of a natural person. This data controller has different competences and a crucial function to allow their company to be compliant.
In France, the DPO is the successor to the Correspondant Informatique et Libertés (CIL), which simplified formalities with the CNIL and whose appointment was previously optional and whose obligations were more limited. The entry into force of GDPR on May 25, 2018 has given the position of DPO (Data ProtectionOfficer) a key role in the company to protect the personal data of users.
As defined by the CNIL, the European regulation (GDPR) frames the processing and protection of personal data throughout the European Union. Indeed, whether public or private, each organization / company must have the ability to prove that it carries out or has carried out the actions allowing it to be in compliance with GDPR. This includes the appointment of a Data Protection Officer (DPO).
The appointment of a DPO is an obligation in the following cases:
- You are a public body or authority and
- The data is subject to processing and it is considered “sensitive”, or
- The personal data is subject to “large-scale” processing, or
- Your activity is based on profiling individuals for advertising purposes.
Created even before GDPR (European Data Protection Regulation) came into force, and an expert in its implementation in the European Union and outside, DPO Consulting assists you in setting up actions and processes to enable your structure / company to be fully GDPR compliant. With tools, training and support tailored to your company for the processing and protection of personal data, take advantage of all our skills at your disposal.
The European regulation thus imposes certain measures and missions to the delegate whose role is to:
- Create and maintain of a personal data processing register,
- Carry out a Privacy Impact Assessment (PIA) when data processing is likely to cause high risks for individuals and their personal data,
- Implement ethical processes respecting the principle of Privacy by Design,
- Collect consent and information on people’s rights,
- The appointment of an internal or external DPO to apply the rules of GDPR in the above cases.
DPO Consulting supports organizations and companies affected by GDPR throughout their compliance. Small, medium, large companies, all sectors of activity, we strive every day to make data protection easier and accessible to all!