Under the EU General Data Protection Regulation (GDPR), certain organisations will be required to appoint a data protection officer (DPO). Organisations are required to register their DPO’s details with their national supervisory authority. In Ireland this is the Office of the Data Protection Commissioner, which should have an online form available shortly to facilitate the DPO notification process.
What is a DPO?
According to the GDPR, a DPO will oversee an organisation’s data protection activities. They will be the first point of contact on data protection issues within the workplace. This is a key advisory role, providing much-needed guidance on the identification and management of privacy risks.
The Regulation also states that a DPO should have three main attributes.
1. Level of expertise
The level of expertise required of a DPO can vary depending on the complexity and amount of data your organisation processes. However, as this is a ‘buck stops here’ role and the DPO may be the person who ensures your company avoids astronomical fines imposed by the Data Protection Commissioner, looking for a candidate with a certain level of experience is a good starting point.
They should have significant or demonstrable experience in EU and global privacy laws, be able to draft robust privacy policies and have knowledge of outsourcing agreements. Those with a legal background or qualification are usually strong candidates. However, as we live in an age dominated by technology, experience in IT operations can also be useful.
2. Professional qualities
As the GDPR is not just an IT issue and can affect many aspects of your business, your DPO may be required to work with various departments to achieve compliance. Therefore, leadership skills and the ability to work well as part of a team will be crucial.
Your DPO will be your company’s point of contact for the public should they have any enquiries, so strong communication skills and knowledge of how your business operates would be advantageous but are not essential.
In the case of a public authority or body, the DPO should also have a sound knowledge of administrative rules and procedures.
3. Ability to fulfil their tasks
As a DPO is essentially a compliance officer who is required to act independently, the ability to fulfil tasks and use their initiative is crucial. They can in no way be instructed how a certain result should be achieved; they must be able to create a set of goals designed to achieve their desired results and then execute these goals on their own.
This role is new to many organisations in Ireland, so finding a candidate who has all the right attributes will be a mammoth task. However, a suitable candidate who has most attributes can always attend our certified EU GDPR training to gain a more in-depth understanding of the Regulation and the steps they will need to take to ensure compliance in your company.
Let them learn from the experts about how they can be the DPO your organisation is looking for on our five-day Certified EU GDPR Foundation and Practitioner Combination Course.