Our company wants to hire an external DPO and asked me to be the internal DPO for 2018. My question is, what are my tasks, and is this normally how it goes? What can I expect from the external DPO and what will be expected from me? Which questions do I need to ask the external DPO?
As regards the duties of the Data Protection Officer (DPO), you can find a full job description in our EU GDPR consultation toolkit: https://advisera.com/eugdpracademy/consultants/. Among the responsibilities of a DPO I could mention:
- providing and maintaining the necessary documentation to demonstrate compliance with the GDPR;
- monitoring compliance with the GDPR and relevant local laws and regulations;
- ensuring that training and awareness are available and delivered to all members of staff involved in the processing of personal data; etc.
Regarding what to expect from an external DPO, he or she should be performing the same tasks mentioned above; there should be no material differences between an internal and an external DPO. A key point to have in mind is that regardless of whether the DPO is an employee or an external consultant, he/she must report directly to the organization’s management, must be guaranteed a degree of independence and must not be required to take instructions regarding the exercise of his/her functions.
What the external DPO would expect from you is a question that I cannot answer, since it is dependent on the mandate given to him/her.