GDPR establishes, among other aspects, the figure of the Data Protection Officer (DPO). Implement practices to manage the use of personal data. Maintain privacy notices about personal data. Execute a plan for requests, complaints and rectifications. Perform a data protection risk assessment. Issue PD & P reports. Maintain data privacy documentation. Establish and maintain a privacy breach response plan. Conduct internal PD & P audit. Involve an external party for PD & P assessments. Conduct assessments and establish benchmarks. Perform data protection risk assessments. Resolve PD & P risks. Report PD & P risk analysis and results. Monitor PD & P laws and regulations.
Our customers may have, through our services, someone to take care of the protection of citizens' personal data (employees, individuals outside the organization or both). The GDPR requires that certain institutions that collect, process or store this type of information on a large scale have a DPO. When to hire our services? when data processing is done by a public authority or body (with the exception of those who exercise jurisdictional activity); when the institution is involved in systematic (and large-scale) monitoring of users' personal data; when the entity processes or controls sensitive personal data or related to criminal convictions or offenses.