Areas of Practice
DPO as a service
The Data Protection Officer (hereinafter “DPO”) has the task, in particular, of monitor compliance with the RGPDIt will also assist in drafting the processing register, carry out impact assessments, define with you your legal basis for processing, assess your legitimate interest, carry out regular audits, respond to requests to exercise rights, etc. The DPO has an essential and leading role within the company.
If you are a public authority or if your main activity consists of processing personal data on a large scale, you are obliged to appoint a Data Protection Officer (art. 37 to 39 GDPR).
You can, of course, always voluntarily appoint a DPO to ensure regular monitoring and support of your data protection situation.
Despite its involvement and support in the implementation of the RGPD within the company, only the controller and/or the subcontractor remain(s) responsible for failures or violations with regard to the RGPD. Therefore, make sure that you comply with the requirements imposed by the RGPD on the basis of sound advice from your DPO.
The advantage of an external DPO is his independence from the company, he will not hesitate to let you know when a practice is not compliant with the RGPD. In addition, the DPO must have expert knowledge of data protection law and practice in the relevant sector. The DPO must also provide ethical guarantees. A specialized lawyer seems to be the right person for this task.