The Regulation encourages companies to take responsibility for using data in such a way that they do not harm the persons to whom the data belong. It establishes the principle of accountability, the basis of which should be a qualified Data Protection Officer in the company.
In performing his tasks, the Data Protection Officer should properly evaluate the risks associated with data processing operations, taking into account the nature, scope, context and objectives of the data processing.
Such an officer will become an intermediary between the employees, the persons whose data is collected (consumers, customers, partners, etc.) and the supervisory authorities.
The Regulation does not make a Data Protection Officer obligatory in every company, but it seems that most FinTech companies will need to hire one, for three reasons: most of them will collect, secure, use and process specific personal data (biometric data for identification of individuals); the processing of data will be related to the main activity of such companies; and these companies will, according to a certain procedure, constantly or regularly evaluate the risks of creditworthiness assessment, terrorist financing and money laundering prevention.
The Regulation allows companies to choose whether the functions of the Data Protection Officer will be performed by an employee or by an external natural or legal person acting under a service contract.