Blog » HEADS UP! DATA PROTECTION OFFICER ON BOARD!
HEADS UP! DATA PROTECTION OFFICER ON BOARD!
15 January 2018
My Colleague Anita is dealing with data protection issues for a longer period of time and in December 2017 she has became a data protection officer. Now I am asking Anita about her experiences she has acquired during the course.
Viki: Why have you decided to take the DPO course?
Anita: Soon after the adoption of the General Data Protection Regulation (GDPR) we have started to deal with this topic in the office. We have figured out the GDPR will have an impact on basically all on our corporate clients as if one has employees, it is 100 % that personal data will be processed.
Although we have already gained significant knowledge, our managing partner, Richard encouraged me to deepen it and acquire practical experiences. That is why I have decided to make the GDPR manager – Data Protection Officer course.
Viki: What is the difference between a data protection officer and a lawyer who is specialized on data protection law?
Anita: A data protection officer does not only need legal knowledge but also has to be able to understand all business processes at the company which require the processing of personal data, including information security matters.
As an example, as an attorney who deals with data protection issues I know about what the company needs to inform its employees or clients if he processes their personal data. As a DPO I have to understand and identify the “route” of the collected personal data throughout the company (whether data is transmitted, how long and where is it stored) and what are the security risks on that “route”.
Viki: Have you acquired rather theoretical or practical knowledge on the course?
Anita: Obviously, we had to know the theoretical basics, so we have thoroughly reviewed the GDPR. In fact, as a good advice we were told that if we would like to be DPOs, we should read the GDPR at least 20 times.
However, in the significant part of the course we have learned how to apply the GDPR based on practical examples. For instance, we identified who is who in a data processing activity with multiple actors (eg. if the customer orders a product from our company and it will be delivered by a haulier), how the current data processing activities need to be reviewed and how to make them GDPR-compatible or how the records of data processing activities shall be maintained.
Viki: Which client needs to have a DPO?
Anita: Organizations whose main activity is the regular and systematic monitoring of data subjects (like a security company who operates camera surveillance system) will definitely need to appoint a DPO. Similarly, those companies who are processing sensitive data (eg. health data) on a large scale, like health service providers shall have one.
Of course, based on his own consideration, a company can decide to appoint a DPO to ensure the highest possible level of data protection even if he is not obliged to do so.
During the GDPR-compliance project we are happy to help clients to think over whether is it necessary or worth to appoint a data protection officer.
Anita, thank you for answering my questions.
LET’S MAKE ORDER IN THE JUNGLE OF COMPANY ADDRESS TERMS IN HUNGARY
In legal texts you can see different terms referring to a company’s address: seat, place of business, premises, branch office, etc. Usually it is very hard to make differences from the context, and some of them seem to mean the same, because the most of the texts don’t tell you a definition. We will. Let’s see, what these words actually mean in Hungary.Read more »
6 MUST-KNOWS ABOUT LIQUIDATION PROCEDURES IN HUNGARY
When, why and how can you start liquidation procedure against your non-paying customer in Hungary? How long can you register your claim? What are the chances that you get your money in liquidation? We summarized the 6 must-knows of liquidation procedures in Hungary in this article.Read more »
CAN YOU SUE FACEBOOK IN YOUR HOME COUNTRY?
This was the basic question in a lawsuit in Austria filed by a private person against the social media giant. In this short article we explain the decision of the European Court which was published these days.Read more »