THE ROLE OF THE DATA PROTECTION OFFICER IN THE ORGANIZATION’S STRUCTURE

Abstract

Entry into force of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/ EC (General Data Protection Regulation) significantly changed the legal situation of information security administrators. The new institution is a data protection officer. The provisions of the regulation not only changed the name but also the requirements for the person who will perform it in the organization. The main task of the DPO is to provide expert support to the controller and the processor and to monitor compliance with the provisions on personal data protection in cooperation with the supervisory authorities. The importance of the DPO’s function has been strongly emphasized in recital 97 of the preamble to the GDPR. This means that the data protection officer is the person responsible for acting in accordance with the data processing regulations. The independence of DPO is guarantee by its correct placement in the structure of the controller’s organization. As regards the employment of a DPO, the legislator left employers a large dose of freedom. Acquiring specialists dealing in the personal data protection in the company is possible by selecting several options. We can deal with the employment of a stationary specialist or an external consultant. Due to the very wide competence of the DPO, the legislator also provided for the possibility of commissioning the inspector’s tasks to a group of people or a department or an external company.