LATEST INTELLIGENCE
that is a public authority, that has a core activity involving the monitoring of individuals on a large scale or the processing of large volumes of sensitive data, must appoint a DPO.
The DPO must have specialist skills and expertise and be involved in data protection issues. A DPO sits at the crossroads of business processes, IT systems and security, and has knowledge of GDPR to ensure that an organisation is in compliance. In fact, the regulation makes a strong point about the need for the DPO to have an independent voice and influence in the organisation.
The DPO will need to engage with the security team or function in three key activities:

1. Monitoring compliance with GDPR, including collecting data and information about processing activities to ensure proper protection is in place and is effective
2. Facilitating and reviewing a data protection impact assessment of new projects that collect and utilise personal information, including an evaluation of the proposed security controls
3. Providing a central point of communication and mediation in the event of a data breach, including complying with very specific requirements for the timing and content of communications with the regulators and affected individuals
As a result, while the DPO does not have direct responsibility for the implementation and management of cybersecurity defences, he or she must have full knowledge of how the systems, networks, applications and databases are being protected from attacks, what information and data they will provide in the event of a breach, and a level of confidence that these safeguards will lead to GDPR compliance.