Prior to the entry into force of the GPDR, it was not mandatory to designate a person responsible for the protection of personal data within companies and administrations. In the past, the person in charge of personal data was called the Correspondant Informatique et Liberté (CIL). Since the entry into force of the General Data Protection Regulation, the job has evolved, it has become compulsory in some cases and has changed its name to the DPO. But you have to ask yourself “What does DPO mean? ».
Articles 37 to 39 of the General Data Protection Regulation give a precise definition of what is meant by DPO GDPR in administrations and companies. DPO means Data Protection Officer in English, the French term is DPD, Délégué à la Protection des Données. That said, the English term has taken over, which is why it is generally referred to as DPO. Mandatory in many cases, the DPO has become a real asset in companies that collect data.
Finding the profile of the Data Protection Officer required by the General Data Protection Regulation will require
Choosing your company’s DPO is not to be taken lightly. The choice of your Data Protection Officer (= DPO / DPD) must follow a certain number of competence criteria, as well as a good level of expertise to meet your needs in terms of personal data protection.
According to the European General Data Protection Regulation, the DPO is appointed on the basis of his or her professional qualities and specialist knowledge of data protection law and practice and his or her ability to perform his or her duties. The DPO must be familiar with the GDPR and with national and European personal data practices. He or she must also be familiar with the functioning of your company in order to be able to offer you solutions tailored to the specific data protection needs you may encounter.
Depending on your needs and available financial means, you can appoint a DPO internally or externally. As far as VSE and SME are concerned, it may be advantageous to appoint an outsourced DPO because these smaller structures will not need to mobilize an internal employee for this position. Moreover, they do not necessarily need to have a full-time DPO. Appointing a DPO therefore helps to limit expenditure in terms of recruitment.
Désignating Actecil as DPO is :
The DPO will have several tasks predefined by the General Data Protection Regulation, he is mainly responsible for :
The aim of the DPO is therefore to act as a link between all the company’s stakeholders in order to generate and maintain respect for and trust in the processing of personal data.
The DPO assists you in the implementation of the new obligations linked to the GDPR, to do this he must :
In order to become a DPO, legal expertise in the field of personal data protection is required. It is possible to follow training courses to become a DPO, these courses allow :
The DPO certification from the CNIL is not mandatory to work as a data protection officer. However, it does allow the skills and know-how to be put forward. This certification is a real guarantee of trust and expertise for the company, customers, employees and suppliers.
In order to pass the DPO certification of the CNIL, the following conditions must be met:
RGPD Academy training courses are available in virtual classrooms and e-learning and can be delivered remotely. Here are our courses available to help you prepare for the DPO certification exam:
This training will put you in a real-life situation thanks to practical cases and an examination of 20 questions of the DPO certification type. In addition, at the end of these training courses, RGPD Academy will issue you with a training follow-up certificate. This document certifies your level of competence.
Our training courses do not lead to DPO certification. To obtain this certification, you must contact a certifying body approved by the CNIL.
