Data Protection & External DPO

Data Protection & External Data Protection Officer service

Business Advice Spain provides Data Protection & External DPO services in Spain. Or anywhere else in the European Union for that matter. The General Data Protection Regulation (GDPR) states the following in that regard:

  1. You may appoint a single data protection officer for a group of companies provided that the DPO is easily accessible from each company;
  1. You should appoint a DPO on the basis of professional qualities. Besides that the DPO must have expert knowledge of data protection law and practices because the DPO should have the ability to fulfill the tasks referred to in Article 39 of GDPR.
Overseas company, do you need a DPO?

the Regulation states two situations in which you need to appoint a DPO.

  1. core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale;
  2. or the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 or personal data relating to criminal convictions and offences referred to in Article 10.

However local law may impose more and specific situations in which a controller or processor need to appoint a Data Protection Officer. In Spain those are the situations mentioned here.

Tasks of the Data Protection Officer
  1. According to the General Data Protection Regulation a Data Protection Officer should be tasked with:
    Functions as the data protection contact point for employees, consumers and supervisors;
  2. Designs, develops and implements data protection policies and procedures. Besides that, it gives data protection awareness courses and seminars to management and personnel;
  3. Performs specific General Data Protection Regulation (GDPR) audits, data protection impact and risk assessments, the DPO helps drafting records of processing and contractual arrangements;
  4. Helps remedying and, more importantly, preventing data breaches.
  1. Informing and advising the company and its and the employees on their obligations pursuant to applicable law;
  2. Monitoring compliance with applicable law and with the policies of the company in relation to the protection of personal data. Including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
  3. Providing advice where requested with respect to the data protection impact assessment and monitor its performance pursuant to Article 35 of GDPR;
  4. Cooperating with the relevant supervisory authority;
  5. Acting as the contact point for the supervisory authority on issues relating to processing. Including the prior consultation referred to in Article 36 of GDPR, and to consult, where appropriate, with regard to any other matter;
  6. Having an eye for the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.

Contact us if you like further information on our Data Protection & External DPO service. Our services start from as little as 10 hours per month.  We help with your compliance and serve as full time DPO to your company.

We have written more on the topic of data protection here.

External DPO service