Data Protection Officer

One of the most important changes introduced by the new data protection legislation since 25 May 2018 is the transition from the voluntary appointment of an information security administrator (ABI) to a model in which the appointment of a data protection officer (DPO) is stipulated for many entities. In view of this, each entity should analyse whether, in light of the RODO has such an obligation. The President of the Office for the Protection of Personal Data recommends that consideration be given to appointment of a data protection officereven if there is no obligation to appoint a DPO. This person, as a professional, will support you in properly organising the processing of your personal data, protecting you from customer claims or sanctions from the supervisory authority.

It is submitted that an organisation that decides not to appoint a DPO should have a documented internal procedure to establish the obligation or lack of obligation to appoint a DPO (assessment against the grounds indicated in Article 37(1) RODO).

The Data Protection Officer is to have an advisory and monitoring role within the organisation. The DPO should have an adequate knowledge of national, European and sectoral legislation and practices on protection of personal data. At the same time, he or she should have adequate knowledge of the processing, information systems and security measures in place at the controller, the sector in which the controller operates, administrative procedures and the functioning of the unit.

Experts of the Commercial and Tax Law Office Marek K. Wynimko have a focused educational background and extensive and proven experience as an IOD (and previously ABI).

If you have any questions about the outsourced DPO role, please contact rodo@wynimko.gogler.com.pl.