eData Protection Officer
closely with data protection authorities as their contact inside the
organisation and helping to ensure compliance.
Training staff on proper data handling practices
Maintaining knowledge of changes in law and technology
Building, implementing and managing privacy programs.
and Technology: Experience assessing risk and best practice mitigation
Management System / Framework: Practical experience in designing and building management systems for the full operational life cycle.
Legal expertise and independence: Knowledge of EU legislation plus all relevant jurisdictions (including outsourcing activities / supplier services)
Cultural/Global: Interpersonal skills, flexibility and ability to effectively communicate with relevant business functions (Legal, IT, HR, Marketing etc.)
Leadership: Leadership and program management experience, and the ability to manage own professional development
Independent / Board Level: Ability to fulfil the role autonomously
Communication: Ability to speak in the ‘common language’ of the average employee and external data subject, to handle requests and complaints, and to help others assist data subjects.
Conflict management: Provide advice and guidance, avoiding conflict with internal management roles wherever possible
Primary eDPO Functions
with regulators: The DPO should be acquainted with relevant regulations (in
jurisdictions where the organisation does business) and have a positive working
relationship with them.
Accessibility to data subjects: The Article 29 Working Party has stressed the importance of DPOs being available to answer data subjects’ questions.
Assessing privacy risk: It is not the eDPO’s role to carry out privacy impact assessments; however, the eDPO must monitor them and provide the controller with advice on them, including when to conduct one, methodology, whether to outsource it, selecting safeguards/controls, and ensuring compliance.
eDPO dismissal and penalties: An eDPO may not be penalised for performing DPO-related duties.