The appointment of a Data Protection Officer (DPO), whether internal or outsourced, is mandatory for public or private entities collecting, storing and/or processing personal data of natural persons under the General Data Protection Regulation (GDPR). The DPO needs several skills and is a key function in ensuring a company's compliance.
In France, the DPO is the successor of the “Correspondant Informatique et Libertés” (CIL). The CIL was in charge of fulfilling the mandatory formalities that needed to be sent to the French Supervisory Authority (CNIL). The existence of such a function was not an obligation and its responsibilities were limited. However, since the implementation of the GDPR on May 25th, 2018, the Data Privacy Officer (DPO) plays a major role in the protection of personal data for companies.
The GDPR applies to any processing of personal data in the European Union and/or of natural persons located in the EU. Whether public or private, each organisation/company must be able to prove that it is carrying out or has carried out actions allowing it to comply with the GDPR. This can include the appointment of a Data Privacy Officer (DPO).
The appointment of a DPO is mandatory when:
- You are a public body or authority, or
- The personal data processed are “sensitive”, or
- The personal data are processed on a “large scale”, or
- Your activity includes the profiling of natural persons for advertising purposes
DPO Consulting was created before the implementation of the GDPR (General Data Protection Regulation) and has always been an expert in the implementation of data privacy rules for companies within or outside the EU. We will support the management of actions and processes to make your company/organisation fully compliant with the GDPR. DPO Consulting provides you with all of its knowledge by using expert tools, training your employees and adapting its methodology to your activities.
Several rules of the European regulation (GDPR) could fall within the remit of the DPO function and/or the data controller, such as:
- The creation and maintenance of a record of processing activity,
- The conduct of a Privacy Impact Assessment (PIA) when the processing is likely to cause high risks for data subjects and their personal data,
- The implementation of ethical processes respecting the principle of Privacy by Design,
- The collection of consent and the provision of information regarding the rights of data subjects,
- The appointment of an internal or outsourced DPO to ensure the implementation of the obligations listed above.
DPO Consulting supports companies throughout the implementation of the GDPR. We work every day to make data protection easier and more accessible to all entities, whether they are small, medium, or large.