Does a small Biotech company need to have a DPO?
I have a question for you. Does a small Biotech company need to have a DPO?
Thanking you in advance.
Assign topic to the user
Article 37 GDPR states that the controller shall appoint a Data Protection Officer (DPO) when(a)the processing is carried out by a public authority or body;(b) the core activities of the controller or the processor consist of processing operations which require regular and systematic monitoring of data subjects on a large scale; or(c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 (included health data).
Therefore, if your company process data on a large scale or there is regular and systematic monitoring of data subjects on a large scale (i.e. an app tracking Covid infections) you should appoint a DPO. You need to consider the scale of processing rather than the dimension of the company. Large scale is not defined by the GDPR, however, the former Working Party (a group study established the EU Commission) defined few examples of large scale (https://ec.europa.eu/information_society/newsroom/image/document/2016-51/wp243_annex_en_40856.pdf):
- processing of patient data in the regular course of business by a hospital
- processing of travel data of individuals using a city’s public transport system (e.g. tracking viatravel cards)
- processing of real time geo-location data of customers of an international fast food chain forstatistical purposes by a processor specialised in these activities
- processing of customer data in the regular course of business by an insurance company or a bank
- processing of personal data for behavioural advertising by a search engine
- processing of data (content, traffic, location) by telephone or internet service providers
Here you can find more information:
- Article 37 GDPR https://advisera.com/eugdpracademy/gdpr/designation-of-the-data-protection-officer/
- The role of the DPO in light of the General Data Protection Regulation https://advisera.com/eugdpracademy/knowledgebase/the-role-of-the-dpo-in-light-of-the-general-data-protection-regulation/
If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Comment as guest or Sign in
Oct 19, 2020