Deployment of a DPO Niamh Gavin AIB Data Protection Legal


1 Deployment of a DPO Niamh Gavin AIB Data Protection Legal
28 September 2017

2 Deadline GDPR EFFECTIVE DATE

3 The DPO Role Today
What’s the current status
- Not a legal requirement under the current EU Data Protection Directive
- Many EU countries (e.g. Germany & Sweden) have made it mandatory under local law
- The evolution and significance of this role under the GDPR

4 What’s new under the GDPR
- Mandatory v Voluntary – Assess your obligations
- Existing privacy related roles already in place may not meet the new legal criteria under the GDPR
- Protected role – DPO cannot be removed or penalised for performing tasks
- Failure to appoint a DPO – Consequences for organisations

5 Who is the DPO
- Expert in data protection laws and practices
- First there is the GDPR
  - 173 Recitals (not having force of law)
  - 11 Chapters
  - 99 Articles (having full force of law)
- But don’t forget: ePrivacy Regulation, NIS Directive and more

6 Who is the DPO
- Must Report directly to highest management level
- Can be group DPO
- Can perform other tasks provided no conflict of interest
- Can be outsourced

7 Responsibilities of the DPO
- Monitoring compliance with the GDPR
- Consultation in the Data Protection Impact Assessment (DPIA) process
- Point of contact for the Regulator
- Point of contact for data subjects
- Role to play in record keeping

8 What will the DPO need
Organisations must provide:
- Proper resources (financial resources, additional staff etc.)
- Sufficient time to enable the DPO to fulfil their tasks
- Active support from senior management
- Continuous training and on-going investment

9 Consider Liability in the event of non-compliance
- Is there protection against personal liability
- The Controller and/or Processor are ultimately responsible for GDPR compliance
- What about wilful misconduct, gross negligence

10 Q & A

