• Courses
    • Resources
    • Join GADPPRO ACADEMY
      • Join GADPPRO Academy as an Official Partner
      • Become an Official GADPPRO Training Entity
      • Join the GADPPRO Business Academy
      • Secretariat & International Training Centre
    •  
      • RegisterLog in
    Privacad GADPPRO Academy
      • Courses
      • Resources
      • Join GADPPRO ACADEMY
        • Join GADPPRO Academy as an Official Partner
        • Become an Official GADPPRO Training Entity
        • Join the GADPPRO Business Academy
        • Secretariat & International Training Centre
      •  
        • RegisterLog in

      Blog

      Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)

      • Categories Blog, Business, Design / Branding, Free Data Protection Resources
      • Date September 7, 2020

      Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)

      Section 3.1.  Involvement of the DPO in all issues relating to the protection of personal data

      Article 38 of the GDPR provides that the controller and the processor shall ensure that the DPO is ‘involved, properly and in a timely manner, in all issues which relate to the protection of personal data’.

      It is crucial that the DPO, or his/her team, is involved from the earliest stage possible in all issues relating to data protection. In relation to data protection impact assessments, the GDPR explicitly provides for the early involvement of the DPO and specifies that the controller shall seek the advice of the DPO when carrying out such impact assessments. Ensuring that the DPO is informed and consulted at the outset will facilitate compliance with the GDPR, promote a privacy by design approach and should therefore be standard procedure within the organisation’s governance. In addition, it is important that the DPO be seen as a discussion partner within the organisation and that he or she be part of the relevant working groups dealing with data processing activities within the organisation.

      Consequently, the organisation should ensure, for example, that:

      • The DPO is invited to participate regularly in meetings of senior and middle management.

      • His or her presence is recommended where decisions with data protection implications are taken. All relevant information must be passed on to the DPO in a timely manner in order to allow him or her to provide adequate advice.

      • The opinionof the DPO must always be given due weight. In case of disagreement, the WP29 recommends, as good practice, to document the reasons for not following the DPO’s advice.

      • The DPO must be promptly consulted once a data breach or another incident has occurred.

      Where appropriate, the controller or processor could develop data protection guidelines or programmes that set out when the DPO must be consulted.

      • Share:
      author avatar
      Richard V

      Previous post

      Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)
      September 7, 2020

      Next post

      Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)
      September 7, 2020

      You may also like

      Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679
      29 November, 2020

      Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679 Paragraph 3.2.3  Risks to free flow of personal data within the Union 44. Where the objection will refer to this particular risk, the CSA will need to clarify why it …

      Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679
      29 November, 2020

      Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679 Paragraph 3.2.2  Risks to fundamental rights and freedoms of data subjects 39. The issue at stake concerns the impact the draft decision as a whole would have on the data …

      Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679
      29 November, 2020

      Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679 Paragraph 3.2.1  Meaning of “significance of the risks” 35. It is important to bear in mind that the goal of the work carried out by SAs is that of protecting …

      Search

      Categories

      • Blog
      • Business
      • Design / Branding
      • Free Data Protection Resources
      • Uncategorized
      Facebook-f
      Linkedin-in

      © Privacad 2020

      For all your questions about courses

      students@privacad.com

      For all your questions about Privacad for business

      info@privacad.com

      Links

      • Courses
      • Become a GADPPRO Academy Official Training Entity
      • Resources
      • Free Data Protection Resources
      • Blog
      • Profile
      • Students Stewards Network (SSN)

      Support

      • Privacy Policy
      • Terms of Use
      • FAQs
      • Contact

      © GADPPRO Academy | Privacad 2022

      GADPPRO Academy 2022

      Login with your site account

      Lost your password?

      Not a member yet? Register now

      Register a new account

      Are you a member? Login now