DATA PROTECTION OFFICER - DPO
PROFILE OF THE DATA PROTECTION OFFICER
The DPO must gather specialized knowledge of law and data protection practice. Consequently, the necessary knowledge, skills or abilities that the person to be certified must have or know to perform in order to carry out each of the functions of the Data Protection Officer position have been identified.
These generic functions of the DPO can be specified in advisory and supervisory tasks, among others, in the following areas:
1. Compliance with principles related to the processing, such as limitation of purpose, minimization or accuracy of the data.
2. Identification of the legal bases of the processing.
3. Compatibility assessment of purposes other than those that led to the initial collection of the data.
4. Compatibility assessment of purposes other than those that led to the initial collection of the data.
5. Design and implementation of information measures for those affected by data processing.
6. Design and implementation of information measures for those affected by data processing.
7. Evaluation of the requests for the rights exercising by the interested parties.
8. Recruitment of processing managers, including the content of contracts or legal acts that regulate the responsible-manager relationship.
9. Identification of international data transfer instruments appropriate to the needs and characteristics of the organization and the reasons that justify the transfer.
10. Design and implementation of data protection policies.
11. Data protection audit.
12. Establishment and management of processing activity records.
13. Risk analysis of the processing performed.
14. Implementation of data protection measures from the design and protection of default data appropriate to the risks and nature of the processing.
15. Implementation of security measures appropriate to the risks and nature of the processing.
16. Establishment of procedures for managing data security breaches, including risk assessment for the rights and freedoms of those affected and notification procedures to supervisory authorities and those affected.
17. Determination of the need to carry out impact assessments on data protection.
18. Conduct impact assessments on data protection.
19. Relations with supervisory authorities.
20. Implementation of training and awareness programs for personnel regarding data protection.