The figure of the Data Protection Officer

Lawyou — viernes, 26 de febrero de 2021

On May 25 of this year, the General Data Protection Regulation that came into force on May 25, 2016 (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data) will begin to apply.

Which will entail, among other things, that the controller and the processor will be obliged to appoint a data protection officer:

.

  • If the person processing personal data is a public authority or public body, except for courts acting in the exercise of their functions.
  • If the main activities of the data controller and the data processor are carried out by a public authority or public body, except for courts acting in the exercise of their functions.
  • If the main activities of the controller or processor consist of processing operations which, by reason of their nature, scope and/or purposes, require regular and systematic observation of data subjects on a large scale.
  • If the main activities of the controller or processor consist of processing operations which, by reason of their nature, scope and/or purposes, require regular and systematic observation of data subjects on a large scale.
  • If the controller’s or processor’s main activities consist of the processing on a large scale of special categories of data (Article 9 GDPR) and of data relating to criminal convictions and offences referred to in Article 10 of the same legal text.

The data protection officer shall be appointed on the basis of his/her professional qualities and, in particular, his/her specialized knowledge of data protection law and practice and his/her ability to perform the duties provided for in the General Data Protection Regulation.

The data protection officer may be part of the staff of the controller or processor or perform his or her duties under a service contract.

The Spanish Data Protection Agency has chosen to promote a Certification Scheme for «Data Protection Delegates», this certification is not mandatory in order to practice as a Data Protection Delegate and it is possible to practice the profession without being certified under this or any other scheme.

In the Certification Scheme for «Data Protection Officers» Data Protection» there is the first certification authorization on who meets the requirements to be a data protection officer. Such requirements are those set out in Article 6.3 of the Scheme:

  • Who accredits to have a professional experience of at least 5 years in projects related to the functions of the DPD in the field of data protection.
  • Who accredits to have a professional experience of at least 3 years in activities related to the functions of the DPD in data protection and a minimum training of 60 hours in relation to the subjects included in the Scheme.
  • Who can demonstrate professional experience of at least 2 years in projects related to data protection and a minimum training of 100 hours in relation to the subjects included in the Scheme.
  • .

  • Whoever proves to have a minimum training of 180 hours in subjects included in the Scheme.

Public entities or bodies that do not comply with this experience may validate up to 1 year of experience by justifying additional merits.

.
DPD candidates must take a test consisting of 150 multiple-choice questions, and must pass 75% to pass. As an obligation prior to the granting of said position, these candidates must, in addition, accept the Code of Ethics in Annex III of the Scheme. The candidate will be assessed on their knowledge, experience and continued professional development.

If you need a DPD service please contact us at the following email info@lawyoulegal.com or via telephone: 602 226 895.

Categorías a las que pertenece este artículo:

Si te ha gustado, comparte este artículo:

Comentarios

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *