Dachau, Germany -- (SBWIRE) -- 03/27/2018 -- Data protection in Europe is undergoing what is said to be the biggest change in the past 20 years, with the EU's new General Data Protection Regulation (GDPR) taking effect on May 25th. The new set of rules brings key changes to the current data protection framework, including: extended jurisdiction of the GDPR, as it applies to all companies processing personal data of data subjects residing in the Union (regardless of the company's location); more revenue-based fines; strengthened conditions for consent; enhanced rights of data subjects, etc. The new Regulation requires organisations to completely transform the way that they collect, process, securely store, share and securely wipe personal data. Thus, engagement of senior management and forming the right team are key to successful GDPR readiness.
The new Data Protection Regulation also introduces the role of a data protection officer (DPO). The DPO will have professional standing, independence, expert knowledge of data protection and, to quote the GDPR, be 'involved properly and in a timely manner' in all issues relating to the protection of personal data. Data protection officers will play a key role in making sure businesses comply with the new Regulation.
According to Articles 39 and 38(4) of the GDPR, data protection officers are required to:
- inform and advise the controller, processor and its employees of their obligations to comply with the Regulation and other data protection laws
- monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, training data processing staff, and conducting internal audits
- advise with regard to data protection impact assessments when required
- cooperate and serve as a contact point for the supervisory authority on all issues relating to the processing of personal data
- serve as a contact point for data subjects on all issues relating to data protection practices and data subjects' rights, such as the right to be forgotten, withdrawal of consent and the like.
Although appointing a data protection officer is already a requirement for many controllers in Germany under current data protection laws, it is an entirely new requirement (and cost) for many international organisations. According to Article 37, the data protection officer has to be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices. A DPO can either be a staff member, or organisations can hire an external data protection officer. Given that, outside Germany, DPOs are mostly a new requirement, there is currently a shortage of expert data protection officers on the market. The German Association for Data Protection fills a part of this gap in the market, providing a highly educated external data protection officer with years of successful practice in the field. External DPOs provide a successful implementation of legal and internal requirements, tailoring their offer to the specific needs of each individual client. With years of experience in the fields of German and European data protection law, the employees of the German Association for Data Protection have set themselves the task of advising companies in all aspects of data protection, developing concepts to implement data security and the protection of personal data in medium-sized companies and corporations.
For more information about external data protection officers and the company's other activities, visit: https://dg-datenschutz.de/.
Our dynamic team consists of lawyers and IT experts. Well-founded know-how, passion for technology and legal expertise characterize us. We support the demanding client in the planning and implementation of data protection compliant IT infrastructures.
Contact Name: Jovana Lazic
Robert-Bosch-Strasse 11 – 85221 Dachau, Germany