Article 37 GDPR

Article 37 of GDPR the Data Privacy Officer

What is a Data Privacy Officer?

A Data Privacy Officer is a leadership role or task based role aimed at keeping the company on track and compliant for all things privacy according to local, state, federal, and international laws like CCPA or GDPR.

How does the General Data Protection Regulation (GDPR) define the Data Privacy Officer (DPO)

According to Article 37 of the GDPR the DPO shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection laws and practices and have the ability to fulfil the tasks referred to in Article 39.  This is simply to carry out the privacy duties of the organization without interference from the organization.

What are the tasks of the DPO?

  1. Monitor internal and external privacy compliance
  2. Work with the Data Protection Authority
  3. Fulfill data privacy requests
  4. Manage and oversee the internal DPR process
  5. Ensure ongoing compliance across all data access points and websites globally
  6. Report to the C-Suite and Board on all privacy issues, projects, and goals
  7. Maintain an independent privacy budget to meet and exceed all privacy guidelines and requirements
  8. Continuous review of privacy risks and processes to ensure compliance.

What if we can’t afford a DPO?

Many companies outsource a DPO.  UPPmarket provides as part of our Privacy Platform the ability to hire us as your outsourced DPO.

What are the qualifications of a DPO?

Very often you will find a DPO coming in from the IT or Legal side of the business.  They also should be familiar with privacy processes, and familiar with the day-to-day operations of your business.

A DPO is not a degreed position, but there are certifications you may require that come from the International Association of Privacy Professionals.

The key to success for a DPO is to avoid a conflict of interest between privacy and the success of his or her department.  Of course the DPO is there to support your company, but they should be able to do the job of DPO without having to choose between privacy success or the personal success.

If you have any questions on privacy please schedule a call with us anytime using this link.

Listen to our Global Privacy podcast episode on the role of a DPO.

Read 5 Things Your Brand Can Do to Get Privacy Compliant in 2021