The DPO (Data Protection Officer) is responsible for an organization’s data protection compliance. Enterprises need to appoint a DPO under the European Union’s General Data Protection Regulation (GDPR), and the appointment is mandatory in these situations:
As a matter of fact, even small and medium-sized enterprises are not exempt from appointing a DPO. The regulation for each EU country will specify the circumstances under which a DPO has to be appointed. Even if an enterprise appoints a DPO of its own accord, it still has to meet the DPO requirements in the GDPR.
The GDPR states that there should be no interference from the enterprise or its employees when the DPO carries out their tasks. So an organization cannot dictate what result should be achieved or how a complaint should be investigated. The enterprise need not teach the DPO how to interpret data protection law. The enterprise has to ensure that there is no conflict of interest when the DPO is carrying out their duties. There might be cases where senior positions in an enterprise conflict with the duties of the DPO. But the DPO cannot be fined or dismissed for performing their tasks. The DPO has to report directly to the higher managers in the enterprise, and it is up to them to make sure this happens.
Non-compliance with the GDPR by the enterprise does not make the DPO individually liable. The task of the DPO is to monitor the GDPR compliance of the enterprise. If organizations do not want to heed the advice of the DPO, they are free not to, but they must submit in writing the reasons for not following the advice.
Non-compliance with the EU GDPR can lead to fines for an enterprise of up to €10 million or 2 percent of global turnover, whichever is greater.
So the Data Protection Officer has an important role to play under the EU GDPR. Enterprises should assess whether they require the services of a DPO to achieve EU GDPR compliance. The GDPR gives enterprises full freedom to choose either an internal or an external DPO. Whatever the decision, enterprises need to have adequate security solutions in place to achieve GDPR compliance, and this is also possible through efficient CASB solutions.