The DPO, a key role in GDPR compliance within well-prepared organizations

To ensure the implementation of the General Data Protection Regulation (GDPR), the DPO (Data Protection Officer) joins organizations. Because the DPO holds a key role, the quality of their training will guarantee the company's proper compliance with the law. However, raising awareness among all employees about GDPR issues will be essential for the DPO to successfully fulfill their duties.

Establishing a data culture within the company

First of all, it is important to remember that the employment of a DPO is compulsory in 3 cases: when data processing is carried out by a public authority, in private bodies processing information that is regularly monitored on a large scale, and in those managing sensitive data.

While there is no standard profile for this position, the DPO must nevertheless have good legal and technical knowledge. Above all, his or her primary qualities will be communication skills and diplomacy. As the supervisor of good governance of the GDPR within the organization, he or she faces major strategic challenges. Presenting the DPO as the successor to the CIL is therefore far too simplistic, even though the CIL may be called upon to take on this role as his or her skills evolve.

The DPO’s training will therefore necessarily include all aspects of this new role. As for those who will report directly to the DPO within the company (GDPR referents, top managers, etc.), they will also need specific support. By ensuring that everyone understands what is at stake under the new regulations, and by instilling a genuine data culture, the company will enable its DPO to carry out his or her duties effectively.

Certified training: insurance for your company

There is an increasing number of training courses on offer to provide a framework for this new role, at the crossroads of various areas of expertise and strategic dimensions. But it has to be said that not all of them are created equal! When it comes to making their choice, companies have no room for error. If a company's DPO does not take the full measure of his or her mission, its entire personal data protection policy risks being compromised. And the price to pay can be very high: between 20€ and 30€ million in fines and up to 4% of worldwide turnover.

Fortunately, there is now a certification scheme set up by Bureau Veritas, in partnership with the UDPO (French Union of DPO), which guarantees the quality of DPO training provided by accredited organizations. The certification also entitles the DPO to obtain a professional card, a real policy for future employers. It is then up to the company to commit its DPO to ongoing training, which is also compulsory under the GDPR.

Xavier Leclerc, Chairman of DPMS and UDPO and Jean-Noël Portugal, Managing Director of Daesign
