WHO IS THE DATA PROTECTION OFFICER AND WHAT DOES IT DO?

The European regulation "Global Data Protection Regulation" (GDPR) provides, within the scenario of corporate IT security, various figures responsible for the treatment, processing and protection of data. In a highly interconnected world the role of data has grown in importance and, therefore, its legal protection has also gained a central role in European legislation. Not surprisingly, data is the main target of cyber attacks carried out by criminal organizations that operate purely in cyberspace (in this case we speak of cybersecurity).

Remaining in the corporate security scenario, the GDPR finally provides an adequate governance system for companies that collect, manage and process data whether they are their own or those of other subjects (e.g. sensitive / personal data).

The European directive regulates the processing and management of data with certain provisions that must be respected by all companies in the 27 member states of the European Union. Not only companies based in the EU will be involved but also those that, albeit based outside the European Union, operate on data from a state that is part of it. For companies that do not follow and respect this precise legislation, very severe penalties are envisaged.

Among the rules of the GDPR that came into force starting from 2018, it is prescribed that each company processes the data under the responsibility of the data controller, who can in turn delegate the protection of the latter to a Data Protection Officer. This figure, who may or may not be an employee of the company (for example a freelancer who works for various companies at the same time), is responsible for ensuring that all the technical and administrative procedures are put in place and constantly implemented, thereby ensuring correct data processing and protection in accordance with the provisions of the GDPR.

THE GDPR, THE GENERAL REGULATION ON DATA PROTECTION IN FORCE SINCE 2018

Since 25 May 2018, European Regulation 2016/679, the "General Data Protection Regulation" (GDPR), has governed the processing of personal data to ensure their protection and circulation; it is mandatory for the authorities, for almost all public bodies and for those who process sensitive or judicial data.

The legislation on "the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data" provides that for all companies, public and private, which deal with the processing of personal data, it is mandatory to have the figure of the Data Protection Officer, a data protection officer who will take care of preparing a plan to guarantee the security of data processing within a company.

In view of the GDPR, European companies will have to organize themselves to understand how to best manage their data and, according to the latest surveys, it seems that they are not yet ready for this type of organization.

The figures responsible for data within the companies (data controller and data processor, according to the GDPR regulation) must notify the data protection authorities by sending the report of the violation within 72 hours.

The Data Protection Officer must know the legislation and how to manage personal data correctly and securely. The figure should carry out his function in full autonomy whether he works as an employee or as an external collaborator in order not to have any external influence that compromises his modus operandi.

The duties of the Data Protection Officer are described in art. 39 of the Regulation and in summary we can say that the data manager must:

  • inform the personnel involved in data protection of the provisions of the GDPR, the EU and the regulations of each state;
  • verify that the regulations are implemented and respected;
  • be a point of reference, and also act as a bridge, for the Privacy Guarantor and for the managers of the data processing area;
  • above all, ensure compliance with the rules in order to avoid sanctions.

The figure of the DPO, with a mixed background between information technology and law regarding data processing and privacy, will have, among other tasks, the responsibility of carrying out impact assessments on data protection (Article 35 of the GDPR). Precisely for this purpose, the DPO is an expert in privacy and data processing.

The GDPR also introduces the figures of the data controller and the data processor, respectively the owner and the person in charge of data processing. However, in the current business scenario, the processing of data concerns all the operational and administrative procedures of the company as well as the technology adopted during the life cycle of the "data": from its generation, or acquisition, until its storage or destruction.

DATA PROTECTION OFFICER TRAINING AS PART OF THE GEEKS ACADEMY INFORMATION SECURITY & DATA PROTECTION COURSE

Precisely for these reasons, Geeks Academy has created a course that includes the GDPR regulation in the more general framework of Information Security & Data Protection. This course not only prepares participants to become a DPO, but also allows them to acquire competence in IT security management methods, with a complete overview of every step of the technology involved in its implementation and, in addition, to obtain EXIN certifications recognised worldwide in both fields.


