What’s a Data Protection Officer?
The DPO (Data Protection Officer), introduced by GDPR, is a key player in the protection of personal data.
Faced with regulations that have transformed the legal framework applicable to data protection, the DPO’s mission is to provide guidance to the company to achieve compliance.
This cross-functional project implies changes in the company’s organization. In addition to legal aspects, it involves all the company’s processes.
The DPO is the principal contact of the CNIL (the French regulator). The DPO monitors the company’s implementation of regulations, advises management in order to anticipate risks, alerts management in case of dysfunctions and raises awareness of data protection issues.
Why should you designate a DPO?
According to GDPR, art. 37, the appointment of a DPO is mandatory (i) for companies whose core activities involve processing that requires the monitoring of individuals on a large scale on a regular basis and (ii) for companies whose core activities involve processing of personal data that fall into the category of sensitive data as described in article 9 of GDPR.
The DPO must have legal and technical competence and must be completely independent and free of conflicts of interest.
Often, this independence cannot be ensured when appointing a DPO internally. This is why many companies outsource this function.
AURELE IT assists you as an external DPO.
Appointing Aurele IT as an external DPO brings the following benefits:
- recognized expertise: Florence Ivanier is certified by the University Paris Dauphine (2019). Her practice is recommended in Data Protection Law (Leaders League ranking 2023)
- an experienced external DPO, appointed before the CNIL by international groups including Groupe Ecocert, Groupe Bryj, Fragmos Chain
- an external DPO specifically insured for this activity (professional insurance)
- an External DPO, member of the IAPP (International Association of Privacy Professionals), who implements the best practices as recommended by the AFCDP (French Association of Personal Data Protection Correspondents)
Our External DPO offer includes:
- drafting and updating accountability deliverables
- recommendations and alerts to the Controller and drafting of an annual report
- guidance on new projects involving data processing, ensuring Privacy by design & by default implementation
- management of data subjects’ rights
- recommendation of any Privacy Impact Assessment and assistance for its implementation
- review of data processing addendums with processors and clients (GDPR article 28)
- data breach management
- assistance in case of control by the CNIL or another European Regulator
- raising employees’ awareness regarding data protection.