400 organisations and public authorities have been audited by the Swedish Data Inspectorate in its first review, to ascertain whether a DPO (data protection officer) has been appointed where required. The review showed deficiencies in nearly 25% of the organisations and authorities selected.
Under the GDPR (General Data Protection Regulation), all public authorities and certain organisations are required to appoint a DPO. The DPO is tasked with overseeing compliance with the Regulation.
“It is a very important factor in raising awareness and compliance with GDPR, which is why we prioritized this as our first GDPR review,” said Data Inspector General Lena Lindgren Schelin.
The review shows that a majority of organisations have appointed a DPO and notified the Data Inspectorate of the appointment, as they are required to do. However, of the 51 unions reviewed, 25% had shortcomings.
“As soon as the GDPR was introduced on May 25, we stopped issuing reprimands. However, in the future, if we were to see continued noncompliance regarding Data Protection Officers, administrative sanctions could be issued,” added Schelin.
DPO as a service (GDPR)
IT Governance’s annual subscription DPO service offers you hands-on support from one of our qualified DPOs, who will serve as independent data protection expert to your organisation. Your appointed DPO will:
- Review and advise on policies, procedures and documentation relating to the processing of personal data;
- Oversee the establishment and maintenance of the personal data processing register;
- Advise on the necessity of DPIAs (data protection impact assessments) and the manner of their implementation and outcomes;
- Provide guidance on data breach monitoring, management and reporting;
- Serve as the contact point for data protection authorities for all data protection issues;
- Provide advice and guidance on responses to privacy rights requests from individuals; and
- Monitor compliance with the GDPR.