In part 2 of our GDPR series, we will discuss essential knowledge about hiring a DPO. With GDPR enforcement less than ten days away, find out if your organization needs to work with a qualified DPO to ensure compliance with the new regulation.
With the start of the General Data Protection Regulation (GDPR) on May 25, 2018, we are about to see a major shortage of cybersecurity professionals around the globe. By 2022, experts are expecting a shortfall of over 350,000 cyber workers in Europe alone. We can expect, by default, a major shortage of workers on our shores as well. One main reason for this is the GDPR stipulation that a company MUST hire a Data Protection Officer (DPO) if they:
- are a public authority (except for courts acting in their judicial capacity)
- perform core activities that require large-scale, regular, and systematic monitoring of individuals (for example, online behavior tracking)
- perform core activities that consist of large-scale processing of special categories of data, or data relating to criminal convictions and offenses
Though the appointment of a DPO mainly concerns European nations, companies across the globe are hiring for the position as a strategy to keep themselves at the top of the cybersecurity and compliance game. Thus, we are already seeing companies that are not strictly required to hire a DPO appointing one to their staff.
Whether your company is required to hire a designated DPO or not, be aware that the same requirements and tasks of the position apply, just as they would had the appointment been mandatory.
So what does a DPO do?
- They assist you in monitoring internal compliance
- They inform and advise on data protection obligations
- They provide advice regarding Data Protection Impact Assessments (DPIAs)
- They act as a contact point for data subjects and the supervisory authority
- They help you demonstrate compliance
- They are part of the enhanced focus on accountability
What professional qualities should a DPO have?
- You should appoint a DPO on the basis of their professional qualities, and in particular, experience and expert knowledge of data protection law.
- Their credentials should be proportionate to the type of processing your organization carries out, taking into consideration the level of protection the personal data requires.
- It would be an advantage for your DPO to also have a good knowledge of your industry or sector, as well as your data protection needs and processing activities.
No matter where in the world your company might be located, knowing at least the basics of the GDPR can keep you and your company out of hot water.