Blog » HEADS UP! DATA PROTECTION OFFICER ON BOARD!
HEADS UP! DATA PROTECTION OFFICER ON BOARD!
15 January 2018
My Colleague Anita is dealing with data protection issues for a longer period of time and in December 2017 she has became a data protection officer. Now I am asking Anita about her experiences she has acquired during the course.
Viki: Why have you decided to take the DPO course?
Anita: Soon after the adoption of the General Data Protection Regulation (GDPR) we have started to deal with this topic in the office. We have figured out the GDPR will have an impact on basically all on our corporate clients as if one has employees, it is 100 % that personal data will be processed.
Although we have already gained significant knowledge, our managing partner, Richard encouraged me to deepen it and acquire practical experiences. That is why I have decided to make the GDPR manager – Data Protection Officer course.
Viki: What is the difference between a data protection officer and a lawyer who is specialized on data protection law?
Anita: A data protection officer does not only need legal knowledge but also has to be able to understand all business processes at the company which require the processing of personal data, including information security matters.
As an example, as an attorney who deals with data protection issues I know about what the company needs to inform its employees or clients if he processes their personal data. As a DPO I have to understand and identify the “route” of the collected personal data throughout the company (whether data is transmitted, how long and where is it stored) and what are the security risks on that “route”.
Viki: Have you acquired rather theoretical or practical knowledge on the course?
Anita: Obviously, we had to know the theoretical basics, so we have thoroughly reviewed the GDPR. In fact, as a good advice we were told that if we would like to be DPOs, we should read the GDPR at least 20 times.
However, in the significant part of the course we have learned how to apply the GDPR based on practical examples. For instance, we identified who is who in a data processing activity with multiple actors (eg. if the customer orders a product from our company and it will be delivered by a haulier), how the current data processing activities need to be reviewed and how to make them GDPR-compatible or how the records of data processing activities shall be maintained.
Viki: Which client needs to have a DPO?
Anita: Organizations whose main activity is the regular and systematic monitoring of data subjects (like a security company who operates camera surveillance system) will definitely need to appoint a DPO. Similarly, those companies who are processing sensitive data (eg. health data) on a large scale, like health service providers shall have one.
Of course, based on his own consideration, a company can decide to appoint a DPO to ensure the highest possible level of data protection even if he is not obliged to do so.
During the GDPR-compliance project we are happy to help clients to think over whether is it necessary or worth to appoint a data protection officer.
Anita, thank you for answering my questions.
IS A FIXED AMOUNT OF DAMAGES VALID IN EMPLOYEE NON-COMPETE CLAUSES IN HUNGARY?
In its recent decision, the Curia dealt with questions, which may affect many employer in Hungary. Whether the non-compete clause of an employment contract, obliging the employee to pay a fixed amount damages in case of breach of the non-competition agreement, is valid? We analyse the decision in our short article.Read more »
CAN YOU SUE BOOKING.COM IN YOUR OWN COUNTRY? - THE ECJ RULED
In the recent past, the Court of Justice of the European Union had to deal with the question whether an accommodation operator registered to Booking.com can sue the latter because of abuse of dominant position. In this short article we analyse the background of the case and the decisions of the Court of Justice of the European Union.Read more »
ONLINE CONSUMER CONTRACTS – IS YOUR BUSINESS CONCERNED?
Black Friday is once again around us: the time when online shops and the consumer protection authority cash in some extra income every year. We guess you’ve already read about the extreme discounts and the record-breaking fines by the authorities, so in our article, we will explain, that without your knowledge, your own business can easily step into the field of consumer protection, in which case, your contracts are subject to special rules. In our article, we show you how you can recognize these situations and, of course, summarize the obligations.Read more »