Abstract

Regulation (EU) 2016/679, like Law nº 58/2019, brings with it an important innovation: under the terms of article 37 of the GDPR, the person responsible and the subcontractor must, in most cases, appoint a Data Protection Officer (DPO), internal or external to the organization, who is an expert in the practice of privacy and data protection. To consolidate the role of the DPO, we suggest, in this article, a new methodology for implementing GDPR compliance in an organization, where the focus is placed on privacy and security from conception (“Data Protection by Design”) and by default (“Design by Default”), and which is capable of mitigating the risk of a data breach. This new model, called the Canvas GDPR model, is a methodological proposal for governance, privacy and protection of personal data that will help design the organization’s compliance with the GDPR (Data Protection Impact Assessment), but also guarantees the “accountability” of the organization’s business model with respect to the rights of data subjects. The model was validated and applied in a social housing organization. In this research work, it was proved that the Canvas GDPR model is a strategic and entrepreneurial tool, very useful for the DPO, also called Chief Privacy Officer (CPI) or Data Protection Officer (DPO), rendered in a not very well achieved translation as Data Protection Officer (EPD).
