The Data Protection Officer (hereinafter “DPO”) has the task, in particular, of monitoring compliance with the GDPR. The DPO will also help draft the record of processing activities, carry out impact assessments, define with you the legal bases for your processing activities, assess your legitimate interests, carry out regular audits, respond to requests from data subjects exercising their rights, etc. The DPO has an essential and leading role within the company.
If you are a public authority or your main activity consists of processing personal data on a large scale, it is mandatory to appoint a Data Protection Officer (art. 37 to 39 of the GDPR).
You can, of course, always voluntarily appoint a DPO to ensure regular monitoring and support of your data protection situation.
Despite the DPO's involvement and support in the implementation of the GDPR within the company, only the data controller and/or the subcontractor remain responsible/liable for any failures or violations with regard to the GDPR. Therefore, make sure that you comply with the requirements imposed by the GDPR on the basis of sound advice from your DPO.
The advantage of an external DPO is his independence from the company: he will not hesitate to let you know when a practice is not compliant with the GDPR. In addition, the DPO must have expert knowledge of data protection law and practice in the relevant sector. The DPO must also provide ethical guarantees. A specialized lawyer seems to be the right person for this task.