What is the requirement?
Under Article 37 of the GDPR, some organisations are required to appoint a Data Protection Officer (DPO). Other organisations may choose to appoint a DPO in recognition of the importance of meeting their compliance obligations.
How we can help
Many organisations will consider outsourcing the responsibilities of a DPO to privacy experts. XpertDPO offers a wide range of services to support or carry out the DPO role as well as ensuring organisations are well informed and up to date on data protection matters.
Your Xpert DPO will get to know your business and answer data protection questions relating to day-to-day activities, to protect data subjects and your organisation from unnecessary harm.
We also know that there is much more to responding to rules and regulations than just compliance with the law. Not only can we support you in complying with the necessary legal requirements but we can also help you to transform the regulatory constraints of the GDPR into opportunities, ensuring that your compliance journey has a positive impact upon your existing economic and organisational models.
Key elements of our Outsourced DPO services:
• Updating, reviewing, and managing existing Data Protection compliance / information governance policies as required. Developing new policies/procedures as required.
• Implementing best practice procedures/policies for data privacy and data protection.
• Responding in full to all data protection/GDPR queries/requests for information/ad-hoc advice, including in relation to privacy and protection of personal data for your organisation.
• Informing and advising your organisation, and any staff members who process personal data, of the obligations pursuant to the GDPR and any other relevant data protection legislation.
• Managing Data Subject Requests (Access Requests etc.) to conclusion within the required statutory timelines. We manage many Data Subject Requests (DSAR) on behalf of our clients. Requests will follow these steps:
· Recognise the DSAR
· Confirm the Identity of the Data Subject
· Clarify the scope of the DSAR
· Identify that personal data exists – can this be disclosed?
· Identify valid exemptions that may be relevant
· Securely disclose the personal data to the data subject
· Record DSAR in DSAR register and document decision making
• Managing your organisation’s GDPR programme and seeking continuous improvement.
• Monitoring GDPR compliance and alerting management to any identified data protection risks.
• Submitting an annual DPO Report to the Executive Management Team and Audit Risk and Governance Committee, and reporting on any other data protection risks and issues as necessary.
• Providing support in relation to data processing by third-parties on behalf of Irish Centre for Diversity to ensure that there are Data Sharing Agreements and Data Processing Agreements in place, and monitoring compliance in relation to same.
• Conducting and managing Data Protection Impact Assessments (DPIAs) for current and new projects as required.
• Logging all personal data Breaches and near misses, and managing same to resolution, including liaising with the Data Protection Commission where required.
• Delivering training modules on Data Protection compliance / information governance as required.