Appointing a Data Protection Officer (DPO)

We offer certified DPOs to take care of all the required tasks outlined in Article 39 of the GDPR which include the following:

  1. Inform and advise your organisation and staff on the Regulation
  2. Guide you through the data protection impact assessment process
  3. Monitor compliance with the Regulation
  4. Act as the contact point for issues related to the Regulation for your clients and staff
  5. Act as the contact point for the competent Supervisory Authorities

Companies required by law to appoint a DPO

For some companies, it is mandatory to appoint a DPO. Certain exemptions and requirements differ for different EU jurisdictions and may be updated. You can look up the latest information on your local Data Protection Authority website as listed by the European Commission. The flowchart shows a rough guide, and you can read the general guideline by the European Commission. Chart

Evidence of Return of Investment (ROI) for having a professional DPO service

As GDPR has strict deadlines for handling issues and reporting incidents, companies greatly benefit from having an experienced professional DPO service in the following ways:

  1. A DPO with experience in handling various kinds of incidences can resolve issues more swiftly and appropriately, reducing the risk of fines.
  2. Various reports have shown inexperienced DPOs can cause greater damage for companies by mishandling incidents (e.g. sending data subject requests to the wrong person).
  3. A data incident can happen at any time, and a professional DPO service is equipped to respond even on public holidays.

A DPO experienced in handling various kinds of incidences can resolve issues more swiftly and appropriately, reducing the risk of fines.
Various reports have shown inexperienced DPOs can cause greater damage for companies by mishandling incidents (e.g. sending data subject requests to the wrong person).
A data incident can happen at any time, and a professional DPO service is equipped to respond even on public holidays.

*”Cost of a Data Breach Report” 2018 and 2019 by Ponemon research has shown that having a competent Incident Response team including DPO tasks (like employee training) are some of the top factors for reducing the total cost of a data breach when one occurs.

Highest standards for DPO outsourcing

The GDPR states in Article 37.5 that the DPO must have “expert knowledge of data protection law and practices”. This means that having proven knowledge of GDPR (e.g. DPO certification) is only half the equation. The DPO must also have expert knowledge on IT practices. This is why it’s important to have a DPO with experience in IT infrastructure and working with data.
The DPO can be an internal or external expert. However, companies must be particularly careful that the DPO remains independent and their duties “do not result in a conflict of interests” as stated in Article 38.6.

The key point is for your DPO to have both theoretical and practical experience of how data protection and IT systems work, so when incidences occur, it can be handled swiftly and effectively.

The Enobyte difference:

  1. Built upon over 20 years in building secure IT systems and infrastructure.
  2. Broad experience in protecting personal data for multinational corporations as well as local businesses, in the fields of manufacturing, electronics, retail, hospitality, travel, and education.
  3. Trusted certification for GDPR knowledge.
  4. Communications in German, Japanese and English.