No, the DPO is not a variant of ACE fruit juice, so we explain what it really is, who it is, what it does and why it matters!
Follow the guide 😉
Data Protection Officer or DPO for short 🕶
As its name suggests, the DPO's role is to oversee the protection of personal data within the company or organization to which it is attached.
Whether embodied by an employee or an external service provider, the DPO follows the directives of the GDPR (General Data Protection Regulation) and the EDPB (European Data Protection Board).
The DPO or the lighthouse in the fog
The regulations surrounding data protection are vast and achieving compliance is not easy.
The DPO is there to be the point of reference in this ocean.
Without being responsible for the compliance of the organization or company, the DPO informs and advises it on best practices and strategies to implement. The DPO also has a supervisory role on these matters and oversees the spread of a culture around the topics within the DPO's remit.
To have or not to have a DPO? That is the question. 🎭
Article 37.1 of the GDPR provides for the mandatory designation of a DPO in 3 specific cases, which the CNIL reformulates in its DPO Guide as follows:
Whether they are controllers or processors, the designation of a delegate is mandatory for:
• public authorities or public bodies (with the exception of courts acting in their judicial capacity);
• organizations whose core activities require them to carry out regular and systematic monitoring of individuals on a large scale;
• organizations whose core activities require them to process sensitive data or data relating to criminal convictions and offences on a large scale.
🍪 Of course, even outside of these specific cases, the CNIL strongly recommends that all organizations that encounter issues related to the processing of personal data designate a DPO within the company or call upon an external DPO.
