Hire a Data Protection Officer
If you do not know what a DPD / DPO is and you are looking for your own DPD / DPO in Valencia, you should know that the Data Protection Regulation RGPD, has created a new and important figure, called Data Protection Officer (DPD or DPD).
Do not hesitate, we are the Data Protection Officer you need. We will be your DPO in Valencia.
We have the accredited professionals in law and data protection that your organization needs.
Why is a Data Protection Officer - DPO - DPD necessary?
As a result of the approval of the General Data Protection Regulation(GDPR), a new and relevant legal figure has been created, which is the Data Protection Officer (DPD or DPO) and Business Adapter will assume for your entity the obligations and functions established in Article 39 of the GDPR. You can now hire your Data Protection Officer in Valencia.
Following the approval of Law 2/2023, of February 20, on the Protection of the Informant, it is established that those entities with 50 or more employees are obliged to have an internal information system and therefore, those individuals or legal entities that have 50 or more employees, among other cases, will be obliged to appoint a Data Protection Delegate.
Article 37.1 of Regulation (EU) 2016/679 (GDPR) determines that the controller and the processor shall appoint a data protection officer provided that:
-the processing is carried out by a public authority or body, except for courts acting in the exercise of their judicial function;
-the main activities of the controller or processor consist of processing operations which, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale, or
-the main activities of the controller or processor consist of the processing on a large scale of special categories of personal data pursuant to Article 9 and of data relating to criminal convictions and offences referred to in Article 10.
Article 37.2 of the GDPR allows a group of companies to appoint a single data protection officer as long as he or she is easily accessible from each establishment.
Article 37.3 of the GDPR states that where the controller or processor is a public authority or body, a single data protection officer may be appointed for several of these authorities or bodies, taking into account their organizational structure and size.
Article 34 of the LOPD-GDD establishes that Controllers and processors must appoint a data protection officer in the cases provided for in Article 37.1 of Regulation (EU) 2016/679 and, in any case, when dealing with the following entities:
-Professional associations and their general councils.
-The teaching centers that offer education at any of the levels established in the legislation regulating the right to education, as well as public and private universities.
-Entities that operate networks and provide electronic communications services in accordance with the provisions of their specific legislation, when they routinely and systematically process personal data on a large scale.
Providers of information society services when they prepare large-scale profiles of service users.
-The entities included in Article 1 of Law 10/2014, of June 26, on the regulation, supervision and solvency of credit institutions.
-Financial credit institutions.
-Insurance and reinsurance companies.
-Investment services companies, regulated by the Securities Market legislation.
-Electricity distributors and marketers and natural gas distributors and marketers.
-The entities responsible for common files for the evaluation of solvency and creditworthiness or common files for the management and prevention of fraud, including those responsible for the files regulated by the legislation for the prevention of money laundering and the financing of terrorism.
-Entities that carry out advertising and commercial prospecting activities, including commercial and market research, when they carry out processing based on the preferences of the affected parties or carry out activities that imply the elaboration of their profiles.
-Health centers are legally obliged to keep patients’ medical records. Exceptions are health professionals who, although legally obliged to keep patients’ medical records, carry out their activity on an individual basis.
-Entities that have as one of their objects the issuance of commercial reports that may refer to natural persons.
-Operators that develop the gaming activity through electronic, computerized, telematic and interactive channels, in accordance with the gaming regulation regulations.
-Private security companies.
-Sports federations when processing data of minors.
Therefore, we can conceptualize the Data Protection Officer as the independent legal figure, designated as the responsible, professional in the field, whose main activity is the primary verification of large-scale information processing operations that require regular monitoring or those derived from the main activities of an entity or company regarding the protection of personal data held by individuals; in application of the General Data Protection Regulation (GDPR).
I want my Data Protection Officer
ContactWhat is a Data Protection Officer?
According to section IV, Article 37 of the General Data Protection Regulation (GDPR) establishes a special section that gives rise to the creation of the Data Protection Officer (DPD / DPO), where it is stipulated that the delegate will be appointed by the responsible and in charge as long as he/she is under the following assumptions:
-The processing is carried out by a public authority or body, except for courts acting in the exercise of their judicial function;
-The main activities of the controller or processor consist of processing operations which, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale, or
The main activities of the controller or processor consist of large-scale processing of special categories of personal data.
In the case of a corporate group, a single, easily accessible Data Protection Officer may be appointed.
Regarding the appointment of the DPD/DPO in your company in Valencia, the appointment will be made on the basis of his/her professional qualities and, in particular, his/her specialized knowledge of data protection law and practice and his/her ability to perform the functions corresponding to his/her position, although he/she should not have a specific qualification, insofar as the functions of the DPD/DPO include advising the person responsible or in charge in all matters relating to data protection regulations, legal knowledge in this field is undoubtedly necessary, but it is also necessary to have knowledge outside the strictly legal field, such as, for example, in matters of technology applied to data processing or in relation to the field of activity of the organization in which the DPD/DPO in Valencia performs his or her functions.
Consequently, and in view of the above, the data protection officer may be a member of the staff of the data controller or data processor or perform his or her duties under a service contract, and the contact details of the data protection officer must be published and communicated to the supervisory authority.
The position of the DPD /DPO in organizations has to meet the established requirements, among which are:
- Total autonomy in the exercise of its functions;
- Need to be related to senior management; and
- Obligation for the responsible party or the person in charge to provide the DPD with all the resources necessary to carry out its activity.
Functions of the Data Protection Officer
The DPD or data protection officer shall have at least the following functions:
(a) inform and advise the controller or processor and the employees involved in the processing of their obligations under this Regulation and other Union or Member State data protection provisions;
(b) monitor compliance with the provisions of the Regulation and other Union or Member State data protection provisions and with the controller’s or processor’s policies on the protection of personal data, including the allocation of responsibilities, awareness and training of staff involved in processing operations, and related audits;
c) Provide advice on the data protection impact assessment and supervise its implementation, as requested;
d) Cooperate with the supervisory authority;
e) To act as a point of contact for the supervisory authority on matters relating to the processing of information and to consult, as the case may be, on any other matter.
The way in which your data protection officer DPD / DPO in Valencia will perform his or her duties will be to pay due attention to the risks associated with the processing operations, taking into account the nature, scope, context and purposes of the processing.
For much less than you imagine your own DPD / DPO in Valencia. Do not hesitate to ask for information:
ContactPenalties for not having a Data Protection Officer
The possible penalties for failure to appoint a Data Protection Officer in a Company when required by the Company, would be categorized as a serious penalty ranging from a maximum of EUR 10 million or, in the case of a company, an amount equivalent to a maximum of 2% of the total annual global turnover of the previous financial year, whichever is higher, for non-compliance and/or infringement of Article 39 of the General Personal Data Protection Regulation.
Some examples of sanctions:
Glovo
Seville City Hall
Security Companies
Huercal Town Hall
Molina del Segura City Council
Example of other SMEs
IS IT POSSIBLE TO HIRE AN EXTERNAL DPD?
The Regulation establishes that the qualities for the designation of the Data Protection Officer are:
- Autonomy in the exercise of its functions, in response to the question, if it is possible to hire an external DPD / DPO.
- That you have the professional qualifications and in particular, to your knowledge of legislation and data protection.
It is also established that in order to form part of the staff of the data controller or data processor or to perform its functions as external DPO, a service contract must be entered into between the company and the external DPO, in addition to publishing the contact details of the data protection officer and notifying the supervisory authority.
DPD / DPO IN VALENCIA
The Data Protection Officer (DPD / DPO), is the legal figure of nature contained in Section Four of the General Regulation on Personal Data Protection (GDPR), whose main function is to observe compliance with the Regulation regarding the activities carried out by companies that handle, safeguard, organize and process personal data and / or public authorities or bodies whose activities are provided in the Member States of the European Union.