The European Union’s General Data Protection Regulation (GDPR) went into effect in May 2018, and its effects are sweeping the globe as companies work to comply with its stringent data privacy rules. Add to this the fact that a number of additional data privacy regulations are set to be introduced (particularly in the United States), and you can understand the effort organizations are putting in to be ready for these changes.
What is the GDPR?
The GDPR is now the core of Europe's digital privacy regulations. This new framework pertains to organizations in all EU member-states and impacts businesses and individuals around the world. GDPR brings a new set of regulations created to give EU citizens greater control over their personal information. Its goal is to streamline the regulatory process so that both citizens and businesses in the EU can fully benefit from the digital economy while minimizing data privacy risks.
The Need for a Data Privacy Officer
If your company does business in the EU (and even if you don’t), the GDPR requires you to appoint a Data Privacy Officer, or DPO. Per the regulation, any “controller” or “processor” of data whose primary operations involve “regular and systematic monitoring of data subjects on a large scale” or whose primary operations include the processing of highly sensitive personal data must appoint a DPO.
While the specific tasks of a DPO will vary among companies, their key responsibility is to supervise data privacy compliance and minimize data protection risk for the organization. Generally speaking, the DPO’s work consists of ensuring the organization adheres to data privacy laws, utilizes data protection in business operations, deals with data privacy requirements as they pertain to new technologies, and oversees reputational risk that can result from data protection errors.
What are the Qualifications of a Data Privacy Officer?
A Data Privacy Officer should possess the expertise to perform the duties outlined in the GDPR. These responsibilities include:
Informing and advising their organization of their responsibilities under the GDPR
Managing and monitoring organizational compliance with the GDPR, and offering guidance on compliance
Serving as the primary contact person on all compliance issues and offering suitable cooperation
Article 38 of the GDPR outlines rules regarding the role of the DPO. The rule states that companies must provide the DPO with the resources required to ensure they are able to keep their knowledge current. Further, they cannot terminate the DPO for performing the responsibilities required by the regulation.
Do You Need a Data Privacy Officer if Your Company is Outside of the EU?
Many employers in the United States are struggling with the requirement to appoint a Data Privacy Officer. The requirement to hire or appoint the position applies if a company is involved in significant data processing efforts, but there is no actual guidance on what counts as significant. However, in today’s uncertain data privacy environment, appointing a role within the company dedicated to overseeing compliance can help in navigating this fast-evolving climate.
In addition, a DPO could be extremely valuable in minimizing your company’s exposure in the event of a data breach or similar incident. When such events occur, transparency and cooperation are among the most critical factors when accountability and penalties are assessed in U.S. enforcement actions.
LMS Portals for Data Privacy Training
LMS Portals offers a cloud-based platform for launching and managing your own branded eLearning portal. Our clients leverage our platform to quickly and easily develop and deliver GDPR and other employee training content in a powerful yet cost-effective manner.
Get started for free!