The GDPR is around the corner, and with it come the new requirements. Likely one the most disrupting features of the new law is the requirement to appoint a Data Protection Officer (DPO). This is a new role created to advise organisations on their handling of personal data and acts as the primary contact person for the data protection authorities. While a DPO is not mandatory for every organisation, the regulators encourage organisations to appoint a DPO on a voluntary basis.
While at first sight it may look like this is just another act of introducing red tape by the legislators, it is at the same time an opportunity to ensure your data handling not only passes mustered with the legislators, but at the same time ensures the general public you take their privacy serious. 67% European consumers surveyed believe that organizations benefit the most from using their personal data, while 9 out of 10 internet users avoid doing business with companies that do not protect their privacy. Ensuring people trust us is now more important than ever and appointing a DPO might help you to build that trust.
As personal data is at the very core of the work our sector is doing, we will have to look very carefully at any requirement of the GDPR and the DPO in particular. As with every aspect of the GPDR, a DPO will be requirement regardless of whether you are based in the EU or not. As soon as you’ll process personal data of an EU citizen it applies to you.
The DPO is the orchestrator in any project that involves person data and therefore a cornerstone in any GDPR compliance programme. This means he or she will have a great responsibility and choosing the right person for this role is critical. The tasks of the DPO are specified by the GDPR and include:
- to monitor internal compliance with the GDPR;
- to advise the controller when carrying out a Privacy Impact Assessment;
- cooperating with the supervisory authority and acting as a contact point.
In order to fulfil these tasks a DPO must be independent and have suffice knowledge of the relevant legislation as well as the business sector the company operates in and senior enough be to advise directly to c-suite. Taking this altogether it is quite a responsibility!
Therefore, we offer an ESOMAR approved Data Protection Officer Service giving you access to legal experts who understand both the GDPR and ESOMAR’s professional standards guidance, ensuring you comply to all your key requirements. The Compliance programme also offers complete GDPR training and certification programmes to train your staff on the GDPR essentials.
This programme is open for any ESOMAR Corporate Member and is offered as part of ESOMAR Plus. If you are interested or would like to know more, don’t hesitate to contact us! You can find more information on https://www.esomar.org/utilities/esomar-plus You can also always drop us an email at public.affairs@esomar.org
This way we can ensure together that we maintain our track record of responsible sector we have kept for more than 70 years, and which has been codified in the ICC/ESOMAR International Code on Market, Opinion and Social Research and Data Analytics.
