DPO
to appoint
Appoint DPO: call on the experts at Mr. Franklin.
What is a Data Protection Officer (DPO)?
AData Protection Officer (DPO) is a person who monitors compliance with privacy legislation in a company. In Dutch one also speaks of a data protection officer.
TheGDPR(General Data Protection Regulation or General Data Protection Regulation) is of great importance here. This relatively new European privacy legislation gives European citizens a number of rights so that their privacy is better protected, but also imposes a number of obligations on companies. A DPO can ensure that your company is GDPR-proof.
Is appointing a DPO mandatory?
No, although it may be helpful to appoint a data protection officernot an obligation for many companies. In some cases, however, companies are obliged to appoint a DPO. InArticle 37(1) of the GDPRthree situations are distinguished in which a DPO must be appointed.
Want to read more aboutenterprisesand appointing a DPO? Then take a look atthis page.
​
Data processing by the government
This situation is the simplest: when data processing by agovernment agencyor agovernment bodyoccurs, a DPO must be appointed. An exception to this is the exercise of judicial duties by the courts.
​
Regular and systematic observation on a large scale
When a controller or processor is mainly responsible for processing personal data thatregular and systematic observation on a large scaleof the data subjects, a DPO will also have to be appointed. This follows from the nature, scope and/or purposes of these processing operations.
It should pertain to thecore taskof acontroller. This means that it is either the main activity of a company or a secondary activity that is inextricably linked to this main activity.
In a security company observing security cameras in a shop, the main activity is the processing of personal data, where this processing requires regular and systematic observations of data subjects, namely the persons entering the shop.
A hospital, on the other hand, does not have the main activity of processing patient data. However, this is a secondary activity that is closely linked to the main activity of the hospital, namely the provision of health care. Without processing data, the hospital would not be able to run.
​
Large-scale processing
The last situation in which a DPO must be appointed is when the controller or processor has thelarge-scale processing of certain types of dataas its core task. This concerns two types of data: special categories of data such as health data and personal data relating to criminal convictions and criminal offences.
​
Special Categories of Data
Article 9 of the GDPRgoes into more detail on this onespecial categories of personal data.
This includes personal data from which race or ethnic origin can be deduced, or data relating to someone's sexual behavior or sexual preference, political opinions or philosophical beliefs. Genetic data and biometric data are also included.
Processing this special data is, by the way, in principleforbidden, although there areexceptionson. For example, processing may take place if the person concerned has given his or her consent voluntarily and in writing.
​
​
Criminal convictions and offences.
When therecriminal personal dataprocessing, a DPO must also be appointed. This concerns personal data related to criminal convictions and criminal offences. For companies, this category of personal data is often not relevant.
​
Who can act as a Data Protection Officer?
A DPO can do bothinternalifexternalbe appointed. An internal DPO will then be an employee of the company itself. An external DPO, on the other hand, is separate from the company and acts independently.
​
What are the advantages of an (external) DPO?
Even though it is not always mandatory to appoint a DPO, it often hasadvantages. Even supervisory authorities attach a certain importance to this.
For companies that process a lot of or sensitive personal data, it is always a good idea to have aDPOto set. In this way, you as a company have more certainty that you meet the requirements of the GDPR and that the privacy of those involved is not compromised. By operating GDPR-proof, you create trust as a company, which is always positive.
Appointing a DPO can also have the advantage of being seen as a mitigating factor when the competent supervisory authority decides whether or not to impose a fine. In Belgium this is the Data Protection Authority.
Aexternal DPOhiring only hasadvantages. External DPOs are trained and have extensive expertise in the field of privacy legislation in all kinds of sectors. Their independence from the company is also a major asset. More information about hiring an external DPO and the benefits associated with this can be found inthis articleabout external DPOs.
​
​
What can Mr. Franklin mean to your company?
DPO-as-a-servicemeans that an external Mr. Franklin DPO helps your company to implement the GDPR requirements.
There are currently three certified DPOs working at Mr. Franklin, who have already gained a lot of experience at all kinds of companies and governments. They therefore know perfectly well how data processing within your company can be tackled in the most efficient and thorough way.
mr. Franklin attaches great importance to a pragmatic and transparent approach. You can contact us for customized service. The specific needs and requirements of your company will be looked at, so that it can operate in a GDPR-proof manner.
Clarity about the costs is also very important to us. We therefore work with all-in formulas, where the price for a quarterly subscription DPO as a service starts from €300 + VAT.
​
​
contact us
For more information about our services, you can always contact us without obligation.
Oliver Sustronck
+32 486 27 53 05
CONTACTEER ONS!
