Data Protection Officer as a Service

Data Protection Officer, the key to gaining customers’ trust

Certain controllers and processors falling within the scope of GDPR are required to appoint a Data Protection Officer (DPO). Even in cases where GDPR does not explicitly provide for the appointment of a DPO, it is worth considering doing so as a DPO can effectively promote GDPR compliance. In addition, when communicated properly, the appointment of a DPO may significantly boost your customers’ trust. It can send a clear message to the market: “You can put your trust in us; we do care about your personal data”.

What are the key competences of a DPO?

She or he needs to have in-depth and up-to-date knowledge about local and EU data protection legislation, and be familiar with the case-law of Hungarian and European authorities and courts. In addition, she or he must have reliable and thorough knowledge about the concepts and rules of, and the latest challenges in, information security. She or he needs to understand the legal, IT and business expectations, and be capable of communicating them in plain language. A DPO is aware of the best practices, and seeks lawful solutions in the light of the business opportunities.

The Data Protection Officer may be one of your employees, but you may also hire an external expert under a services agreement. In both cases, his or her independence must be ensured. The DPO must report directly to the senior management. She or he cannot be removed from this position or held accountable in connection with his or her activities.

Why should you use our Data Protection Officer as a Service solution?

  • We have the right mix of professional competences and thorough knowledge of both Hungarian and European data protection legislation and practice, particularly the new EU General Data Protection Regulation (GDPR);
  • effective communication with data subjects;
  • excellent working relationships with the supervisory authorities;
  • several years of experience in the world of business;
  • in-depth knowledge about data processing activities and information systems as well as data security and protection measures that controllers are required to have in place;
  • our staff possesses a high degree of professional ethics and integrity;
  • we treat any information confidentially in accordance with our obligation of professional secrecy;
  • we efficiently cooperate with stakeholders as a point of contact;
  • in contrast with DPOs who are employees of their companies and almost impossible to remove, you can terminate the services agreement concluded with us whenever you want.

How can we support your organisation if you outsource the role of the DPO to us?

  • We play a key role in fostering data protection across your organisation;
  • all parties involved in the data processing can place their trust in us and contact us concerning any matter regarding the exercise of their rights;
  • we carry out our duties in compliance with our statutory obligation of professional secrecy to the maximum possible extent;
  • we regularly provide you with information and professional advice regarding the steps to take to comply with the requirements of GDPR;
  • we advise on which internal training sessions or courses can help employees and the management to carry out data processing activities in a responsible manner;
  • if so requested, we organise informative or awareness-raising training sessions or courses on data protection and information security, including sessions that focus on particular areas (HR, CRM, direct marketing, etc.) or on specific issues;
  • we continuously monitor compliance with GDPR and other applicable data protection provisions (by gathering information to identify the data processing activities, and analysing and verifying the compliance of such activities), thereby ensuring that data processing is safe and has no adverse impacts on your business;
  • we monitor the carrying out of data protection impact assessments and, at your request, provide you with professional advice on the methodology and implementation;
  • we efficiently cooperate with stakeholders, including authorities, as a point of contact;
  • we perform our duties having due regard to the risks associated with your data processing operations, also taking into account the nature, scope, context and purposes of the data processing;
  • owing to our professional experience and complex knowledge, we are able to prioritise our activities and thus focus primarily on high-risk areas while also monitoring other activities that pose a risk to your organisation.

Finally, let us give you a piece of good advice: You should not trust data protection “specialists” who received their DPO certification after completing a 2-day crash-course.

Request a quotation or ask for our references.

Your personal contact:

Ferenc Smohay

Partner, Risk & Compliance Services
