Is it a God or a Devil that the European parliament wants to create with the new role as Data Protection Officer (DPO). He shall know all the things in the organization regarding Personal Data (PD), be best friends with the legal IT and HR and more, but HAVE TO report if there is a misuse of PD (to the highest management level and/or to the Data Protection Authorities (DPA)).
He shall have the expert knowledge of the law and expert knowledge of IT-security. If you have one – you’re lucky.
What’s the goal for DPO?
To be the “center of information” in the organization regarding Personal Data. To have the responsibility of all communication with top management and the Data Protection Authorities
Do I need the Devil/God in disguise?
Yes if your organization is a government, local authorities etc, or if you regularly and systematically monitoring data subjects on a large scale, or if you’re processing on a large scale of special categories of data.
Who can not be a DPO?
If someone got the knowledge about IT security and GDPR law, they can be a DPO, but it cannot be a HR, IT, Law, Marketing manager etc. Because it shall not be in conflict with the line of duty, meaning, would you report yourself if you made a mistake?
Do I get one from heaven or hell?
That’s a good question, but you’re not alone, there will be a estimated need for 75 000 DPO’s worldwide, so get your hunting gear on.