What’s a Data Protection Officer?
The DPO (Data Protection Officer), introduced by GDPR, is a key player in the protection of personal data.
Faced with regulations that have transformed the legal framework applicable to data protection, the DPO’s mission is to provide guidance to the company to achieve compliance.
This cross-functional project implies changes in the company’s organization. In addition to legal aspects, it involves all the company’s processes.
The DPO is the principal contact of the CNIL (the French data regulator). The DPO monitors the company’s implementation of regulations, advises management in order to anticipate risks, alerts management in case of dysfunctions and raises awareness of data protection issues.
Why should you designate a DPO?
According to GDPR, art. 37, the appointment of a DPO is mandatory (i) for companies whose core activities involve processing that requires the monitoring of individuals on a large scale on a regular basis and (ii) for companies whose core activities involve processing of personal data that falls into the category of sensitive data as described in Article 9 of GDPR.
The DPO must have legal and technical competence and must be completely independent and free of conflicts of interest.
Often, this independence cannot be ensured when appointing a DPO internally. This is why many companies outsource this function.
AURELE IT assists you as an external DPO.
Appointing Aurele IT as an external DPO brings the following benefits:
- recognized expertise: Florence Ivanier is certified by the University Paris Dauphine (2019)
- an experienced external DPO, appointed to the CNIL by several companies
- an external DPO specifically insured for this activity
- an external DPO, member of the IAPP (International Association of Privacy Professionals), who implements best practices as recommended by the AFCDP (French Association of Personal Data Protection Correspondents)
Our external DPO offer includes:
- drafting and updating accountability deliverables
- recommendations and alerts to the Controller and drafting of an annual report
- guidance on new projects involving data processing, ensuring Privacy by design & by default implementation
- management of data subjects’ rights
- recommendation of any Privacy Impact Assessment and assistance for its implementation
- review of data processing addendums with processors and clients (GDPR article 28)
- data breach management
- assistance in case of control by the CNIL or another European Regulator
- raising employees’ awareness regarding data protection