Identifying a Data Protection Officer (DPO) for your institution should be one of the steps your team is taking to prepare for the implementation of the General Data Protection Regulation (GDPR). This new role is required by the GDPR and is an important step in maintaining compliance and reinforcing enterprise security.
If you haven’t identified the right individual within your institution, don’t worry you still have time before the May 25th deadline. Your DPO doesn’t necessarily need to be a new hire, as there is likely an individual who currently manages similar data security and compliance responsibilities in their daily workload.
Your DPO should oversee the following:
- Serve as the main point of contact between your institution and GDPR supervising authorities
- Staying abreast of data protection law to education and train your teams, ensuring compliance requirements are met
- Auditing data and data processes to ensure compliance and address potential issues as they arise
- Provide advice on best practices and work in the best interest of your institution’s cyber-securities best practices
- Maintain thorough records of data processing activities, so information can be provided should a constituent elect to exercise his or her rights
- Responsible for compliance and auditing of all responses to any GDPR covered individuals and the process to fulfill their rights under the regulation
Note that if your institution is within an enterprise network, it can be possible to have one DPO for all schools within the same system. However, if there is not an individual within your organization who is fit to take on the role of DPO, this position can be outsourced to a third party company and the responsibilities will stay the same. Keep in mind that should you do this, the DPO will need to be granted full access to your data for monitoring and auditing purposes.
Once you have identified a Data Protection Officer for your institution, let us know by completing this form so we know who to contact should an issue ever arise on our end. Our team will only communicate with the Data Protection Officer on an as-needed basis and they will not be added to our weekly newsletter and other client community activities. Keep in mind that according to the new regulation, his or her details will need to be made available to the GDPR supervising authority and to the public.
The information provided herein is not for legal advice and is solely for informational and/or educational purposes. Furthermore, this information represents our current interpretation of GDPR. It is recommended you contact your attorney to obtain advice regarding GDPR.