When appointing a Data Protection Officer, many companies find that their employees lack adequate expertise and familiarity with data protection legislation, or simply don’t have enough time due to their existing responsibilities. Did you know that the General Data Protection Regulation (GDPR) allows you to entrust the role of Data Protection Officer (DPO) to an external contractor?
We can provide you with certified, professional legal knowledge and extensive experience in the field of personal data protection consulting. Contact us!
Sanja Žaubi, Data protection officer (DPO) at Mikrocop
Who has to appoint a DPO?
In addition to public authorities, the following must also appoint a DPO:
- banks, insurance companies, electronic communications operators, retailers with loyalty clubs, staffing agencies, online stores and IT companies that operate CRM systems, that is, any company that processes individuals’ personal data and extensively, regularly, and systematically monitors these data,
- hospitals and clinics, health and social care institutions, providers of health information systems and services, and other entities which process health data and other sensitive data designated as a specific type of personal data under the GDPR.
Mikrocop was one of the first companies in Slovenia with a certified Data Protection Officer, and now you can hire us as an external DPO.
What does a Data Protection Officer (DPO) do?
INFORMS AND ADVISES
The DPO provides information and advice on your obligations under the GDPR and other personal data protection laws.
The DPO monitors the compliance of personal data processing and protection with the relevant legislation and your company policies.
EDUCATES AND RAISES AWARENESS
The DPO provides training and education to employees involved in personal data processing.
ADVISES AND ASSISTS
The DPO provides advice and assistance in assessing personal data security risks.
WORKS WITH THE INFORMATION COMMISSIONER
The DPO communicates with the Information Commissioner and is a contact point for data processing-related issues.
CONDUCTS AN ANNUAL AUDIT
The DPO conducts an annual review of personal data processing.
Why do you need an external DPO?
The GDPR stipulates that a company’s Data Protection Officer (DPO) may not be employed in a position enabling the DPO to define the purposes of personal data processing or the services employed for such processing. That means that these functions cannot be performed by an executive director, an operational director, the head of the IT, HR, or marketing departments, or anyone in a similar position. In this case, an external DPO - which Mikrocop can provide you - is the way to go. Simply put, this will avoid the conflicts of interest which may arise when an employee is appointed as a Data Protection Officer.
An external DPO allows you to fully and independently ensure that your personal data protection practices are compliant with the relevant laws and regulations on personal data protection.
In addition, an external DPO - such as Sanja Žaubi, Mikrocop’s certified personal data protection expert - also provides you with:
- expertise on national and European legislation and practice in the field of personal data protection,
- in-depth knowledge and understanding of the GDPR,
- extensive experience in the field of personal data protection,
- experience with successfully implemented consulting projects in the field of personal data protection at major Slovenian companies,
- operational independence, and
- high-quality, reliable advice.