BusinessResources

100 days to GDPR compliance deadline

By February 1, 2018 No Comments

The rise of the Data Protection Officer & GDPR

 The European DPO (Data Protection Officer) currently, controllers are required to notify their data processing activities with local DPAs, which, for multinationals, can be a bureaucratic nightmare with most Member States having different notification requirements.Under GDPR it will not be necessary to submit notifications / registrations to each local DPA of data processing activities, nor will it be a requirement to notify / obtain approval for transfers based on the Model Contract Clauses (MCCs).Instead, there will be internal record keeping requirements, and DPO appointment will be mandatory only for those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences. Importantly, the DPO:

  • Must be appointed on the basis of professional qualities and, in particular, expert knowledge on data protection law and practices
  • May be a staff member or an external service provider
  • Contact details must be provided to the relevant DPA
  • Must be provided with appropriate resources to carry out their tasks and maintain their expert knowledge
  • Must report directly to the highest level of management
  • Must not carry out any other tasks that could results in a conflict of interest.

 

 

Need to know more, how can we help?

Contact UsContact Us