DPO/DPO SERVICE
With this service we fully assume the functions of DATA PROTECTION OFFICER (DPO) being designated in the Spanish Agency for Data Protection
The current regulation offers a modernized compliance framework based on accountability when it comes to Data Protection in Europe. The Data Protection Officer (DPD or DPO for its acronym in English Data Protection Officer) is the nuclear element of this new legal framework for many organizations, which facilitates compliance with the provisions of the GDPR.
The GDPR obliges certain data controllers to designate a DPO, which is applicable to all authorities and public bodies (regardless of the data they process) and to other organizations that, as their main activity, monitor persons of systematically and on a large scale, or who process special categories of personal data on a large scale.
DPO/DPO SERVICE
Even in cases where the GDPR does not specifically require the appointment of a DPO, it is really useful for organizations to designate a DPO voluntarily, since it represents a great defense against possible complaints regarding Data Protection, since DPOs They act as intermediaries between the Spanish Agency for Data Protection and the complainants, which allows mediation between the parties and avoids in the first place the direct action of the AEPD Inspectorate in the event of a claim, as stated in art. 37 LOPDGDD.
Article 37. LOPDGDD.
Intervention of the data protection officer in the event of a claim before the data protection authorities.
- When the person in charge or the person in charge of the treatment has designated a data protection delegate, the affected person may, prior to filing a claim against them, before the Spanish Agency for Data Protection or, where appropriate, before the autonomous authorities of data protection, contact the data protection officer of the entity against which the claim is made.
In this case, the data protection delegate will notify the affected party of the decision that has been adopted within a maximum period of two months from the receipt of the claim.
- When the data subject files a claim with the Spanish Agency for Data Protection or, as the case may be, with the regional data protection authorities, they may refer the claim to the data protection officer so that the latter responds within the period of one month.
If after said period the data protection officer had not communicated to the competent data protection authority the response given to the claim, said authority will continue the procedure in accordance with the provisions of Title VIII of this organic law and its regulations. developmental.
Article 39, GDPR.
Functions of the Data Protection Officer
1. The data protection officer will have at least the following functions:
a) inform and advise the controller or processor and the employees dealing with the processing of their obligations under this Regulation and other data protection provisions of the Union or of the Member States;
b) Supervise compliance with the provisions of this Regulation, with other data protection provisions of the Union or of the Member States and with the policies of the person in charge or of the person in charge of the treatment regarding the protection of personal data, including the allocation of responsibilities, the awareness and training of the personnel that participates in the treatment operations, and the corresponding audits;
c) provide advice as requested on the data protection impact assessment and supervise its application in accordance with article 35;
d) cooperate with the supervisory authority;
e) act as a contact point for the supervisory authority for matters relating to processing, including the prior consultation referred to in article 36, and carry out consultations, where appropriate, on any other matter.
2. The data protection officer will carry out his duties paying due attention to the risks associated with the processing operations, taking into account the nature, scope, context and purposes of the processing.