I can't in good conscience allow the U.S. government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they're secretly building
Edward Snowden - American Activist
When is a Data Protection Officer required?
An organisation is required to appoint a designated data protection officer where:
- the processing is carried out by a public authority or body;
- the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale; or
- the core activities of the controller or the processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences.
Conor McLaughlin, Solicitor and Principal at Conor McLaughlin & Associates Solicitors
Guidance on appropriate qualifications for a DPO
The GDPR does not define the professional qualities required or prescribe the training a DPO should undergo to be qualified to undertake the role. This allows organisations to decide on their DPO’s qualifications and training tailored to the context of the organisation’s data processing.
Relevant skills and expertise include:
- expertise in National and European data protection laws and practices including an in-depth understanding of the GDPR;
- understanding of the processing operations carried out;
- understanding of information technologies and data security;
- knowledge of the business sector and the organisation; and
- ability to promote a data protection culture within the organisation.
The Data Protection Commission recommends that the following non-exhaustive list of factors be taken into consideration when selecting the appropriate DPO training programme:
- the content and means of the training and assessment;
- whether training leading to certification is required;
- the standing of the accrediting body; and
- whether the training and certification is recognised internationally.
In any case, a DPO should have an appropriate level of expertise in data protection law and practices to enable them to carry out their critical role.
Notification of the Data Protection Commissioner of the appointment of your Data Protection Officer
Under the GDPR, certain organisations are required to appoint a designated Data Protection Officer (DPO). Organisations are also required to publish the details of their DPO and provide these details to their national supervisory authority.
How can we help you?
Our 4-step process
A consultation with our Data Protection Solicitors will help them to understand the nature of your needs and allow them to strategize the best path forward for you.
We review the types of personal data you process.
Our Data Protection Solicitors will carefully consider whether you require a Data Protection Officer.
Based on stages 1, 2 and 3 above our Data Protection Solicitors issue a letter of advices confirming whether you require a Data Protection Officer along with the various option open to you including the placement of one of our Data Protection Solicitors in your organisation.
The above article is one of a series of bi-monthly legal articles drafted by Conor McLaughlin, Solicitor and Principal at Conor McLaughlin & Associates Solicitors. They do not constitute legal advice and should not be acted upon without seeking legal advice particular to your set of circumstances. Conor McLaughlin & Associates Solicitors have their office in Bundoran, County Donegal. For further information on the above or any other legal issues you may have, please contact us on TEL: 071 984 1322, Email: email@example.com or at www.cmclassociates.com
Subscribe or register today to discover more from DonegalLive.ie
Buy the e-paper of the Donegal Democrat, Donegal People's Press, Donegal Post and Inish Times here for instant access to Donegal's premier news titles.
Keep up with the latest news from Donegal with our daily newsletter featuring the most important stories of the day delivered to your inbox every evening at 5pm.