Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

EU GDPR - DPO, DPIA & other questions

  Quote
Guest
Guest user Created:   Jan 14, 2020 Last commented:   Jan 14, 2020

EU GDPR - DPO, DPIA & other questions

I was wondering if you could help me with some GDPR related questions:

1. How does an organization establish if it needs a DPO or no?

2. Does the DPO need to be an employee or it can be outsourced as well?

3. What would be the position of the DPO in the company organizational chart?

4. What would be the job description applicable to the DPO?

5. Is there any easy way to establish the duration of a GDPR compliance project?

6. What is the difference between a DPIA and a PIA?

7. When one needs to perform a DPIA?

8. Are there any specific requirements in terms of encryption?

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Dejan Kosutic Jan 14, 2020

1. How does an organization establish if it needs a DPO or no?

 Appointing a DPO is mandatory if (a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; or (b) the core activities of the legal entity consist of processing operations which, by their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or (c) the core activities of the legal entity of processing on a large scale of special categories of data pursuant to Article 9 of the EU GDPR and personal data relating to criminal convictions and offenses referred to in Article 10 of the EU GDPR.

2. Does the DPO need to be an employee or it can be outsourced as well?

 Both options work. The DPO can be an employee or it can be outsourced. The most important thing is that it is independent and given adequate resources.

3. What would be the position of the DPO in the company organizational chart?

According to art. 37 of the GDPR the DPO should directly report to the highest management level of the controller or the processor. If you want to find out more about the tasks of the DPO check out this free webinar Role of the DPO according to EU GDPR (https://advisera.com/eugdpracademy/webinar/role-of-the-dpo-according-to-eu-gdpr-free-webinar-on-demand/).

4. What would be the job description applicable to the DPO?

Article 39 of the GDPR describes the main tasks of the DPO. However, you can find a more detailed Task description in our EU GDPR Documentation Toolkit (https://advisera.com/eugdpracademy/eu-gdpr-premium-documentation-toolkit/).

5. Is there any easy way to establish the duration of a GDPR compliance project?

The duration is closely linked to the size of the company as well as the processing activities. We have developed a duration calculator that might give you an idea of the time needed.  You can it at https://advisera.com/eugdpracademy/eu-gdpr-compliance-duration-calculator/

6. What is the difference between a DPIA and a PIA?

They are basically the same thing. Before the GDPR it was used to be called Privacy Impact Assessment and after the GDPR it was called Data Protection Impact assessment. If you want to find out more about DPIAs check out this webinar Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDPR (https://advisera.com/eugdpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/).

7. When one needs to perform a DPIA?

A DPIA needs to be performed whenever a specific processing activity is considered as being a high risk to the rights and freedom if the individuals.

8. Are there any specific requirements in terms of encryption?

Encryption is just a method to protect the personal data and the GDPR does not impose a specific type of encryption however it does mention that it needs to be state of the art.

 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 14, 2020

Jan 14, 2020

Suggested Topics

Guest user Created:   Aug 06, 2023 EU GDPR
Replies: 1
0 0

Do we need VPN to comply with GDPR?

Guest user Created:   Jul 12, 2023 EU GDPR
Replies: 1
0 0

Business Continuity Plan and GDPR

Guest user Created:   Jun 13, 2023 EU GDPR
Replies: 3
0 0

Questions on Retention Policies