Data Protection Officer as a Service (DPOaaS)
The GDPR introduces a duty for you to appoint a data protection officer (DPO) if you are a public authority or body, or if you carry out certain types of processing activities.
DPOs help you monitor internal compliance, inform and advise you on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the supervisory authority.
The DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level.
A DPO can be an existing employee or externally appointed.
As part of our services, Chorus will:
- review and advise on privacy policies, procedures, documentation and third-party contracts
- oversee the establishment and maintenance of a personal data register
- oversee the mapping and documenting of the organisation’s processes
- advise on whether a data protection impact assessment (DPIA) is required whenever a new process is implemented and oversee that DPIA
- provide guidance on data breach monitoring, management and reporting
- serve as the contact point to data protection authorities for all data protection issues
- serve as the contact point for individuals (data subjects) on privacy matters, including subject access requests
- facilitate GDPR awareness training and the training of staff involved in data processing operations
- provide reports for senior management to ensure corporate governance of the regulation, and attend one Board meeting per term
- monitor compliance with the GDPR