GDPR Update: 5 Things That the DPO Needs to Consider

Since the GDPR entered into force on 25th of May 2018, the regime has introduced new practices into the processing and storing of personal data. Here are five of the most important considerations that every DPO should have in mind.

1. Choosing a Lead Supervisory Authority

If the organisation that has hired you as a DPO operates across EU markets and its activities involve processing on a large scale, it is likely that you’ll need to choose a Lead Supervisory Authority (LSA). The LSA is the authority with the primary responsibility for dealing with the company’s cross-border data processing activities.

The process of determining the LSA is not easy. However, once it is done, the relevant documentation needs to be put in place, explaining why this exact LSA was chosen and who chose it.

2. Data Processing Agreements with third parties

Special attention must be paid when selecting the third parties that will have access to personal data when the organisation acts as a controller. In GDPR terms, those third parties will likely be processors, and according to the GDPR the controllers should check and be able to prove that the processors apply at least the same level of protection as they do. Factors such as appropriate technical and organisational measures should be considered when assessing the level of protection.

In case of a data breach, the controllers should rely on all those elements of the data processing agreement in order for the relevant measures to be put in place, for instance the steps that the processor should take to assist the controller and the level of information regarding the breach that the processor needs to provide to the controller.

For all those reasons (data breaches, subject access requests and many more situations that could become a reality in day-to-day work), it is strongly advised that the data processing agreement is concrete and adequate.

3. Data breaches

It is vital that all organisations in the scope of the GDPR develop data breach procedures and response plans to notify authorities in case of data breaches. Special drills can even be performed so that, in case of an actual data breach, all the responsible people act calmly and with confidence.

4. Data Subject Access Request

As the GDPR provides, individuals (the data subjects) have, among other rights, the right to request access to and obtain a copy of their personal data (referred to as “subject access requests” or “SARs”). Such rights can be exercised through a verbal or a written request, and the organisations must respond within one month.

The controllers are obliged to respond to SARs; however, responding may itself create certain risks and, of course, additional administrative work. Therefore it is important to have relevant procedures in place, encompassing the actions of all professionals involved in handling SARs, to mitigate the risks and to have the administrative work assigned in advance.

Among the possible risks involved in dealing with SARs, personal information may be given away to someone unauthorised to receive it. Developing processes that define the level of information that must be presented to verify an individual’s identity before fulfilling the SAR will therefore mitigate this risk. Further mitigation measures include conducting staff training, centralising the tasks of responding to SARs and developing template letters to respond to SARs consistently across the organisation.

5. Keeping up with the legal updates in relation to GDPR

The GDPR is a revolutionary piece of legislation that aims to protect the personal data of the residents of the European Union. Following its good example, a number of similar laws are being prepared or are in draft form across the world, including in Brazil, the United States (in the state of California) and India (whose law is still in draft form). Those laws are indeed inspired by the GDPR, but there are substantial differences, including different requirements.