Time is marching on to May 2018, when the EU’s data protection law will be revamped to give individuals much more control over their personal data.
You probably already know that organisations need to show compliance with the General Data Protection Regulation (GDPR) and that many will need to employ a Data Protection Officer. But who can be a DPO? What do you need to do to become one?
The role of a DPO has been relatively informal in the past but has now been formalised by the regulation. Still, the regulation doesn’t give hard and fast rules on the requirements or qualifications a DPO needs to have.
To this end, the Irish Data Protection commissioner released guidance on what it sees as appropriate qualification.
Since a DPO will be the voice of data protection compliance in an organisation, it says the person appointed to the role will need to have a level of expertise appropriate to the type and extent of data processing activities taking place.
Organisations can decide for themselves which skills and qualifications, or training, are needed. A knowledge of national and European data protection laws and practices, particularly the GDPR, is obviously most important, but a knowledge of IT and data security skills, an understanding of the business sector and processing operations to be carried out and the know-how to promote a culture of data protection, will also be valuable to an organisation.
With the explosion of DPO training programmes, the Irish Data Protection Commissioner also provided advice in terms of what to look for. Right now, training options range from one-day sessions to academically accredited certificates such as diplomas from national law societies, and various online options in between. Some are internationally recognised professional training programmes that require ongoing training for the qualification to be maintained.
image credit: https://diligent.com