External Data Protection Officer (“DPO”) Service
Business Advice Spain provides an external Data Protection Officer Service to companies. The General Data Protection Regulation (GDPR) states the following:
- You may appoint a single data protection officer for a group of companies provided that the DPO is easily accessible from each company;
- You should appoint a DPO on the basis of professional qualities. Besides that the DPO must have expert knowledge of data protection law and practices because the DPO should have the ability to fulfill the tasks referred to in Article 39 of GDPR.
Business Advice Spain serves as the Data Protection Officer of healthcare and insurance companies. As such it:
- Functions as the data protection contact point for employees, consumers and supervisors;
- Designs, develops and implements data protection policies and procedures. Besides that, it gives data protection awareness courses and seminars to management and personnel;
- Performs specific General Data Protection Regulation (GDPR) audits, data protection impact and risk assessments, the DPO helps drafting records of processing and contractual arrangements;
- Helps remedying and, more importantly, preventing data breaches.
According to the General Data Protection Regulation a Data Protection Officer should be tasked with:
- Informing and advising the company and its and the employees on their obligations pursuant to applicable law;
- Monitoring compliance with applicable law and with the policies of the company in relation to the protection of personal data. Including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
- Providing advice where requested with respect to the data protection impact assessment and monitor its performance pursuant to Article 35 of GDPR;
- Cooperating with the relevant supervisory authority;
- Acting as the contact point for the supervisory authority on issues relating to processing. Including the prior consultation referred to in Article 36 of GDPR, and to consult, where appropriate, with regard to any other matter;
- Having an eye for the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.
Contact us if you like further information on our Data Protection Officer service. Our services start from as little as 10 hours per month. We help with your compliance and serve as full time DPO to your company.
We have written more on the topic of data protection here.