DATA PROTECTION OFFICER

The primary role of the data protection officer (DPO) is to monitor the compliance with the applicable data protection rules. DPO:

  • Ensures that controllers and data subjects are informed about their data protection rights, obligations and responsibilities and raise awareness about them.
  • Gives advice and recommendations about the interpretation or application of the data protection rules.
  • Maintains records of all data processing activities conducted by organisation.
  • Conducts regular assessments and audits to ensure GDPR compliance.
  • Handles queries or complaints on request by the institution, the controller, other person(s).
  • Cooperates with the controller (responding to its’ requests about investigations, complaint handling, inspections conducted etc.).
  • Ensures that data subjects’ requests to see copies of their personal data or to have their personal data erased are fulfilled or responded to, as necessary.
  • Draws attention to any failure to comply with the applicable data protection rules.
  • Trains employees on GDPR compliance requirements.

DPO role is mandatory under GDPR in these specific cases:

  1. Where a public authority or body carries out data processing;
  2. Where the controller or processor’s core activities consist of processing operation which require regular and systematic monitoring of data subjects on large scale;
  3. Where the core activities consist of large-scale processing of special categories of data or personal data relating to criminal convictions and offences.

All other organisations not being legally obliged may voluntarily designate a DPO. GDPR allows to choose whether the functions of Data Protection Officer will be performed by an employee or external expert.

ECOVIS ProventusLaw provides Data Protection Officer services.

Loreta Andziulytė

Lawyer, attorney at law, partner of the law firm, CIPP/E.

Contact person