Did you know…? The International Association of Privacy Professionals (IAPP) has estimated that over 75,000 Data Protection Officers will be required worldwide as a result of the GDPR.
The appointment of a Data Protection Officer is a core legal obligation for many organisations operating in the European Union (EU) and is the cornerstone of accountability to facilitate compliance with the GDPR.
Article 37 of the GDPR has explicitly recognised the potential for external consultants to provide Data Protection Officer services on the basis of a service contract. The Article 29 Working Party (now the European Data Protection Board) has elaborated on the structure of such a service, focusing on the efficiency benefits, independence and accessibility.
Gemserv can provide full outsourced data protection officer services (oDPO) or support in-house management through the virtual data protection service offering (vDPO). As part of this, we will assist or carry out the core functions of the DPO, depending on the needs of the clients.
Gemserv also offer the flexibility for our Data Protection Officers to be registered in Ireland or in the UK, to safeguard against the effects of Brexit.
The oDPO and vDPO services bring the following core benefits to clients:
Level of Expertise – we offer our fully CIPP/E, CIPM and ISO 27001-qualified Data Protection, Information Security and Cyber Risk consultants to attend and provide any guidance to our clients, giving you a competitive advantage over your competitors;
Avoiding conflicts of interest – having fully outsourced professionals helps avoid an organisational conflict of interest, between data protection responsibilities and other tasks, that the GDPR has highlighted as a significant problem;
Autonomy and Independence – whilst acting on behalf of our clients, we provide independent, dedicated and fully-focused guidance and decision-making, using our own resources, as endorsed by the Article 29 Working Party.
As part of the vDPO/oDPO services, we will provide guidance on or deliver the key responsibilities of a Data Protection Officer, including:
Governance – Adopting a risk-based approach to audit, implement and monitor data protection practices necessary for compliance with the GDPR.
Cooperation – Acting as a contact point and facilitator for any investigations and negotiations with supervisory authorities and responding to queries from data subjects.
Data Breach Notification – Managing, providing guidance on and reporting personal data breaches.
Data Subject Requests – Implementing the necessary framework for responding to Data Subject Requests, including Subject Access Requests (SARs).
Data Protection Impact Assessments (DPIAs) – Following the principle of Data Protection by Design, we will advise on and risk assess data processing operations.
Data Protection Awareness Video.
Here Ivana Bartoletti explains the role of a Data Protection Officer and why you need one.
Data Breach – The Next 72 Hours…
Below is an infographic that details the process once a data breach has occurred.
Over the last few months, the GDPR’s focus on Privacy by Design has encouraged the development of various proactive measures – including designing operations to minimise the use of personal data, building consent mechanisms into online services, and facilitating user-centric applications and interfaces.
In the second of our new webinar series looking at the information security landscape, we focus on this topic, as requested following our last webinar – How to achieve Privacy by Design and conduct Data Protection Impact Assessments (DPIAs). The webinar unpacks how risk-based methods for Privacy by Design can be deployed, and aims to provide you with a deeper understanding of the following topics:
Privacy by Design: Key Features
DPIAs Method and Guidance
If you are interested in attending this webinar, please register your interest through the GemTalk website.