Hello everyone, this is Manon DURAND, health lawyer at Pharmaspecific. We’re meeting again today to talk about the General Data Protection Regulation (the GDPR), which is the reference text in terms of personal data protection, and which came into force in the European Union on May 25, 2018.
The question of the day is how to become a DPO. As a reminder, the DPO or data protection officer, is the person who will take care of the compliance of the company that has appointed him to the GDPR. That is to say, he is the one who will set up all the obligations related to the GDPR. For example, the processing registers, the impact assessment, making the data breach notification… For the organization that appointed him.
There is no obligation to appoint a DPO, except in certain cases that are restrictively listed by the GDPR, but even if you are not part of these cases, nothing prevents you from voluntarily appointing your DPO.
How should the DPO be chosen? The DPO must be chosen on the basis of his professional skills and in particular his knowledge of the law and data protection principles and his ability to carry out his missions.
To do this, he must be able to do several things. First of all, he must know how to communicate clearly and he must be able to be independent, i.e. he must not be subject to interference from the CEO in the exercise of his missions. Secondly, he must have a very good knowledge of the law and of the principles of personal data protection, so he must know everything about the GDPR.
He must also be very familiar with the business sector of the company for which he is carrying out his missions and know where it stands in terms of its computerization systems, how things are really going internally, in order to be able to carry out his missions in the clearest possible way. Finally, he must be hierarchically positioned in a place that allows him to report to management on a regular basis and, in the event of a data breach notification, for example, to be able to address management directly without having to wait for an excessively long time.
So, as you can see, there is no typical DPO profile, there is no school to be a DPO. As long as the designated person has the legal and technical skills that allow him to do this job, he can be designated. You should also know that the CNIL has set up a DPO certification so you can have your DPO certified. This involves written exams, questions… However, this certification is not mandatory. You can have a DPO within your organization who carries out his missions in a regular way without having to make him pass a certification.
That’s it for this video, I hope you liked it. If you did, don’t hesitate to subscribe to our channel and to like this video and you will find in the information bar the information about our services and in particular the monthly legal watch and the legal advice. As for me, I’ll see you soon for a new video.{:}
