Difference between the DPD and the Privacy Officer
Difference between the DPD and the Privacy Officer
The DPD (Data Protection Delegate) was born five years ago with the entry into force of the European Data Protection Regulation(RGPD) and subsequently of our new LOPD, whose figure has been consolidating more and more as a necessity for due compliance with data protection regulations, as well as an unbeatable advisor in those cases where it is not mandatory to have this figure.
Not surprisingly, at the end of May of this year, the AEPD reinforced this idea of the relevance of the DPD in its Legal Report 0038/2023.
The role of the DPD in the proactive accountability model
The one who must comply with the principle of proactive responsibility, according to Article 5.2 of theGDPR, is the Data Controller (your company).
However, the data controller can rely on the DPD to comply with data protection regulations, since the DPD ‘s functions are to advise and supervise compliance with the provisions of the RGPD and the LOPDGDD. and supervise compliance with the provisions of the RGPD and the LOPDGDD.
In other words, the data controller has the possibility of finding in the DPD an ally to comply with the requirements established in the regulatory framework for the protection of personal data, since through its advice and supervision, it will be easier to comply with the legal obligations of any company and avoid penalties.
In the event that the data controller does not follow the recommendations of the DPD, the AEPD points out the need to argue the reasons for not following the indications of the DPD, since it is an autonomous, independent figure who is trained in the matter.
The role of the DPD as a mediator in front of the AEPD
The DPD will represent the data controller in communications with the AEPD, such as in the filing of complaints with the AEPD by data subjects, as well as with data subjects when they exercise their data protection rights.
But these are not the only cases in which the DPD acquires relevance, as it acts as a point of contact for the supervisory authority on matters relating to processing, including the prior consultation referred to in Article 36, and to carry out consultations, where appropriate, on any other matter, being the mediator between the data controller and the AEPD or its counterpart at the regional level, where appropriate.
Autonomy as a basis for the proper functioning of the DPD
In order for the DPO to be able to perform his or her functions in accordance with the guidelines of the standard, he or she must be functionally independent and autonomous, so that he or she can advise and supervise freely and without receiving orders from the controller. This freedom must be understood in the sense that he/she is not subject to any mandate, but must be accountable for his/her actions.
In addition, it is of vital importance that the Delegate has the material and personal means to be able to perform his functions, being the data controller who must provide him with the necessary elements to do so.
Difference between the DPD and the Privacy Officer
We can find in some organizational structures of companies, a figure, which is not legally established called “Privacy Officer“, which is part of the company but its management functions in terms of data protection are complementary but different from those assumed by the DPD.
The differentiation of functions between the DPD and the Privacy Officer would be the following:
Profile and Functions of the DPD
Example: Business Adapter®. These are specialized professionals with knowledge and experience in data protection consulting and development of DPD functions, such as:
–Supportto departments and persons involved in the processing of personal data:
- Supervising and inspecting compliance with regulations
- Report regulatory changes or instructions from the control authorities.
- Advise in the preparation of the Impact Assessment
- Training on data protection and digital rights of employees
- Data protection audits
- Acting as a point of contact for the supervisory authority and interested parties
- Management of claims, complaints and/or queries about personal data.
- Attention exercise of rights
- Security breaches
Profile and Functions of the Privacy Officer
Person who works in the company and who in addition to fulfilling the functions of his position, is also responsible for implementing or delegating the implementation of technical and organizational measures, informed by the DPD or those derived by external consultants on data protection, whose functions could be:
-Interlocution with the DPD, consultants or external data protection auditors.
-Audit management
-Implementation or coordination of the implementation of corrective actions resulting from an audit.
-Management or coordination in the attention to the exercise of rights.
-Security breach communication
-To prepare impact evaluations and apply the resulting measures.
Business Adapter® at your service
If you are a client and need more information about the Privacy Officer, please contact your consultant to receive documentation and instructions.
If you are not yet a client and you want to hire the services of a DPD or you want us to help you comply with the functions of the Privacy Officer in your company, contact us by email: info@businessadapter.es, you can also call 96 131 88 04, or leave your message in this form:
[su_button url=”https://businessadapter.es/contacto” target=”blank” background=”#f6f903″ color=”#181818″ size=”7″ center=”yes” icon_color=”#000000″]Contact us, we will be pleased to help you.[/su_button]