External data protection officer (DPO) on the basis of a service contract pursuant to GDPR
We offer the service of an external data protection officer pursuant to the General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and Council.
Designating a data protection officer (DPO) pursuant to GDPR helps the controller or the processor to monitor internal compliance with GDPR.
Why external data protection officer?
The DPO assists the controller or the processor in monitoring internal compliance with GDPR. The DPO collects information to identify processing activities, analyses and checks the compliance of processing activities, and informs, advises and issues recommendations to the controller or the processor.
Designating an external data protection officer (DPO) on the basis of a service contract saves human resources costs.
Tasks of the DPO:
Monitoring compliance with the GDPR:
- collects information to identify processing activities,
- analyses and checks the compliance of processing activities, and
- informs, advises and issues recommendations to the controller or the processor.
The DPO’s role in a data protection impact assessment:
According to Article 35(1) of GDPR, it is the task of the controller to carry out, when necessary, a data protection impact assessment (‘DPIA’).
The controller should seek the advice of the DPO on the following issues:
- whether or not to carry out a DPIA
- what methodology to follow when carrying out a DPIA
- whether to carry out the DPIA in-house or whether to outsource it
- what safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
- whether or not the data protection impact assessment has been correctly carried out and whether its conclusions (whether or not to go ahead with the processing and what safeguards to apply) are in compliance with the GDPR
Article 39(2) of GDPR requires that the DPO ‘have due regard to the risk associated with the processing operations, taking into account the nature, scope, context and purposes of processing’.
- The DPO should prioritise activities and focus on issues that present higher data protection risks.
- The DPO should advise the controller what methodology to use when carrying out a DPIA, and which areas should be subject to an internal or external data protection audit.
The DPO’s role in record-keeping:
Under Article 30(1) and (2) of GDPR, it is the controller or the processor, not the DPO, who is required to ‘maintain a record of processing operations under its responsibility’ or ‘maintain a record of all categories of processing activities carried out on behalf of a controller’.
- In practice, the DPO often creates inventories and holds a register of processing operations based on information provided.
(Source: document 16/SK WP 243 rev.01, WP29)
Our company has been actively working in the field of information technologies
Compliance of the outputs with the intra-company guidelines and processes
Stability of the company
Continuity of our activity: our company has been working in the field for more than 14 years.
Person responsible for qualified consulting
Internationally accepted and accredited CISM certificate from ISACA
The list of ISACA Slovakia certificate holders (www link).
Certificate of internationally accredited training IRCA, ISO 27001
The list is published on the Regulatory Authority’s website (www link).