The DPO: Your business partner for European privacy compliance
After years of debate, the negotiating parties finally agreed on the text for the EU's new General Data Protection Regulation ('GDPR', 'Regulation'). The purpose of the GDPR is to bring a harmonized approach to data protection throughout the EU and ultimately to provide individuals with greater protection given the immense developments of our modern technological era. The agreed text reflects the political consensus, which still needs the votes of the Council and Parliament to become official. Once it is official, the GDPR would then enter into force two years after adoption, in early 2018.
The GDPR will impact businesses across all industries, and not only the companies which have a physical presence in Europe. If you are a company outside the European Economic Area and you process personal data of EU individuals in relation to the offering of goods/services to such individuals or the monitoring of the behavior of individuals in the EU, you are also subject to the EU GDPR. One of the new obligations in the GDPR concerns the appointment of Data Protection Officers (DPOs). The concept of having a privacy professional guiding businesses for compliance is nothing new in Europe, but the topic was simply regulated at Member State level before. As a result, some countries made it mandatory for companies to appoint a DPO (e.g. Germany) while others encouraged the practice in return for some administrative benefits (e.g. France). There was no uniformity. The GDPR changes the situation remarkably. The new Regulation now requires certain private sector organizations to appoint DPOs in Europe. This requirement applies to all types of organizations irrespective of their size and whether they are processing personal data in the capacity of a Controller or a Processor.
Take a look at our FAQ paper which addresses major questions raised by businesses!
Even if you are not obliged to appoint a DPO by the Regulation's related provisions, you may still consider bringing on board an experienced privacy professional. As the GDPR brings many new (or stricter) obligations to businesses which process personal data (e.g. extensive notice requirements, PIAs, stronger rights for individuals, record keeping of processing operations, privacy by design & default for each processing, data breach notification to DPAs), it becomes crucial for companies to manage their privacy compliance in Europe in a more structured manner through well-thought-out programs instead of sporadic or last-minute remedial actions.
Bringing on board a knowledgeable and experienced privacy professional for your European business would definitely help you to figure out your exact needs for compliance and define the right course of action!