The objectives of the European legislator, expressed through the General Data Protection Regulation (GDPR), are multiple. The regulation aims to create a strengthened and harmonized data protection framework that takes into account recent technological developments (Big Data, connected objects, artificial intelligence) and the challenges that accompany them. The individual is placed at the heart of the legal framework, and his or her rights are strengthened accordingly (consolidation of information obligations, restrictions on the collection of consent, new right to data portability, erasure, etc.).
The appointment of a Data Protection Officer ("DPO") is an obligation for all public entities. Private entities carrying out large-scale processing or processing of sensitive data are also required to appoint a DPO by May 25, 2018.
For all entities operating one or more personal data processing operations, designating a DPO is strongly recommended by regulatory authorities such as the CNIL, relayed at European level by the G29.
The DPO must be independent, competent and adequately resourced. The designation of an officer as DPO is, in most cases, prohibited because of the risk of conflict of interest. Indeed, the person who determines the purposes of a processing operation (setting up connected meters in offices to save energy, for example) cannot be the one who ensures that the system complies with the rights of users.
The technical and legal competence of the DPO must also be taken into account. The DPO must verify the legal compliance of processing operations, which goes far beyond the initial missions of the Correspondent Informatique et Libertés (CIL). Designating a DPO in-house can thus be tricky.
Our solutions:
The Herlemont Cabinet offers a flexible service adapted to each situation:
Do you want to outsource the DPO function? We propose a service contract specific to such outsourcing. As an external DPO, we will work in close coordination with the IT and Freelance representatives appointed internally to ensure the implementation and dissemination of a data protection policy compliant with the Regulation.
Do you want to keep the DPO function in-house? The firm Herlemont offers assistance missions: DPO training, transfer of skills, provision of a dedicated toolbox, strategic support, awareness-raising, ad hoc compliance notes, and updates to the register of processing operations.