In about 16 months, the new European Data Protection Regulation (GDPR) is going to be enforced with the aim to harmonize the current data protection laws all across the European Union. If you would like to avoid massive fines the regulators will be able to impose, it would be wise to hire a data protection officer (DPO). DPO is mandated by GDPR with the formal responsibilities of presiding over “privacy by design”, operational resources, planning and strategy development. What exactly does it mean and who actually needs a DPO?
Basically, according to the GDPR every company with over 249 employees needs a Data Protection Officer. What is still uncertain is whether it will be a full-time position or not. Although a role of a data protection officer isn’t a new one, it is vital to help a company comply with the new regulation. A DPO should be a bridge between legal departments and technology. Obviously, being a Data Protection Officer goes beyond being an IT expert, since at this position you need to be independent and, in addition to the responsibility of managing compliance within the company, a Data Protection Officer has to report any compliance issues to the relevant regulators.
Besides many private sector organizations, every public sector organization needs a DPO. The GDPR makes it mandatory for organizations that process large volumes of data, especially sensitive data to have in place a data protection officer. That doesn’t mean that the companies that legally don’t need a Data protection officer will be off the hook. It is still necessary in every organization to have someone who will take ownership of data.
The required DPO can be booked from the “German Association for Data Protection”. You can also contact this association if your public or private organization needs any help with European Data Protection.