The DPO : A real asset in your company ?
Prior to the entry into force of the GPDR, it was not mandatory to designate a person responsible for the protection of personal data within companies and administrations. In the past, the person in charge of personal data was called the Correspondant Informatique et Liberté (CIL). Since the entry into force of the General Data Protection Regulation, the job has evolved, it has become compulsory in some cases and has changed its name to the DPO. But you have to ask yourself “What does DPO mean? ».
What does DPO mean?
Articles 37 to 39 of the General Data Protection Regulation give a precise definition of what is meant by DPO GDPR in administrations and companies. DPO means Data Protection Officer in English, the French term is DPD, Délégué à la Protection des Données. That said, the English term has taken over, which is why it is generally referred to as DPO. Mandatory in many cases, the DPO has become a real asset in companies that collect data.
How do you choose your DPO?
Finding the profile of the Data Protection Officer required by the General Data Protection Regulation will require
- A budget
Choosing your company’s DPO is not to be taken lightly. The choice of your Data Protection Officer (= DPO / DPD) must follow a certain number of competence criteria, as well as a good level of expertise to meet your needs in terms of personal data protection.
According to the European General Data Protection Regulation, the DPO is appointed on the basis of his or her professional qualities and specialist knowledge of data protection law and practice and his or her ability to perform his or her duties. The DPO must be familiar with the GDPR and with national and European personal data practices. He or she must also be familiar with the functioning of your company in order to be able to offer you solutions tailored to the specific data protection needs you may encounter.
Depending on your needs and available financial means, you can appoint a DPO internally or externally. As far as VSE and SME are concerned, it may be advantageous to appoint an outsourced DPO because these smaller structures will not need to mobilize an internal employee for this position. Moreover, they do not necessarily need to have a full-time DPO. Appointing a DPO therefore helps to limit expenditure in terms of recruitment.
Why designate Actecil as DPO?
- Your organisation is obliged by the GDPR to designate a DPO
- You do not have the resources or skills in-house to carry out this DPO mission successfully
- You have to deal with the regulations concerning the protection of personal data
- You process personal data on a large scale
Désignating Actecil as DPO is :
- Quality service : responsive, operational
- 13 years of expertise
- Benefit from a 360-degree offer : tailor-made solutions adapted to your needs
The role of the DPO in your company
The DPO will have several tasks predefined by the General Data Protection Regulation, he is mainly responsible for :
- To inform and advise the controller and employees
- To monitor compliance with the GDPR
- To advise the company on the implementation of PIAs (Privacy Impact Assessments)
The aim of the DPO is therefore to act as a link between all the company’s stakeholders in order to generate and maintain respect for and trust in the processing of personal data.
The DPO assists you in the implementation of the new obligations linked to the GDPR, to do this he must :
- Inform you about these new obligations related to the GDPR
- Make you and all staff aware of the impact of these new rules
- Manage your GDPR compliance over the long term
- To offer you solutions adapted to your needs
Developing and enhancing DPO skills through DPO certification
In order to become a DPO, legal expertise in the field of personal data protection is required. It is possible to follow training courses to become a DPO, these courses allow :
- Acquire expertise in data protection and legislation
- Mastering good practices to set up a process for compliance with the GDPR
- Have a good knowledge of the company’s sector of activity
- Set up awareness and communication tools related to the GDPR internally and externally Our DPO training courses enable DPOs to carry out their duties
Preparing for DPO certification
The DPO certification from the CNIL is not mandatory to work as a data protection officer. However, it does allow the skills and know-how to be put forward. This certification is a real guarantee of trust and expertise for the company, customers, employees and suppliers.
In order to pass the DPO certification of the CNIL, the following conditions must be met:
- 35 hours of training
- At least 2 years experience in a field related to the protection of personal data (legal, administrative, IT, …)
RGPD Academy training courses are available in virtual classrooms and e-learning and can be delivered remotely. Here are our courses available to help you prepare for the DPO certification exam:
- Training for the DPO certification exam (e-learning): this training course is aimed at any DPO or future DPO, or any person responsible for GDPR compliance within a company and wishing to train for the Data Protection Officer
- Practicing the DPO trade: preparation for DPO certification (virtual classroom): this training is intended for designated or aspiring
This training will put you in a real-life situation thanks to practical cases and an examination of 20 questions of the DPO certification type. In addition, at the end of these training courses, RGPD Academy will issue you with a training follow-up certificate. This document certifies your level of competence.
Our training courses do not lead to DPO certification. To obtain this certification, you must contact a certifying body approved by the CNIL.