eData Protection Officer
Primary Responsibilities
Working closely with data protection authorities as their contact inside the
organisation and helping to ensure compliance.
Training staff on proper data handling practices
Maintaining knowledge of changes in law and technology
Building, implementing and managing privacy programs.
Skills
Risk and Technology: Experience assessing risk and best practice mitigation
Management System / Framework: Practical experience in designing and building
management systems for the full operational life cycle.
Legal expertise and independence: Knowledge of EU legislation plus all relevant
jurisdictions (including outsourcing activities / supplier services)
Cultural/Global: Interpersonal skills, flexibility and ability to effectively
communicate with relevant business functions (Legal, IT, HR, Marketing etc.)
Leadership: Leadership and program management experience, and the ability to
manage own professional development
Independent / Board Level: Ability to fulfil the role autonomously
Communication: Ability to speak in a ‘common language’ of the average employee
and external data subject, to handle requests and complaints, and to help
others assist data subjects.
Conflict management: Provide advice and guidance, avoiding conflict with
internal management roles wherever possible
Primary eDPO Functions
Working with regulators: The DPO should be acquainted with relevant regulations (in
jurisdictions where the organisation does business) and have a positive working
relationship with the regulators.
Accessibility to data subjects: The Article 29 Working Party has stressed the
importance of DPOs being available to answer data subjects’ questions.
Assessing privacy risk: It is not the eDPO’s role to carry out privacy impact
assessments; however, the eDPO must monitor them and provide the controller with
advice on them, including when to conduct one, methodology, whether to
outsource it, selecting safeguards/controls, and ensuring compliance.
eDPO dismissal and penalties: An eDPO may not be penalised for performing
DPO-related duties.