On May 25, 2018, European Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, also called the GDPR (RGPD in French, the European regulation on the protection of personal data), entered into force within the European Union. It aims to unify data protection rules and adapt them to the digital age. It is a regulatory framework that gives every citizen of the Union, in all EU Member States, the right to regain control over his or her digital data. As a result, all companies are obliged to adapt to this new law or risk serious sanctions. To be compliant, they must have a DPO (Data Protection Officer), who is a key figure in complying with this new regulation. However, for the DPO to really play this role, training is essential. It is what will enable the company to comply with the European regulations on personal data protection.
What is the GDPR (RGPD)?
Before discussing the importance of training a DPO, who is nothing more than the GDPR point of reference, it is important to clarify what this new regulation is. The European Data Protection Regulation, or GDPR, is a European directive requiring all companies and administrations to process personal data differently. All EU bodies therefore need to strengthen their protection policies and improve their data compliance. But what is meant by "personal data"? The answer is in Article 4 of the GDPR, which defines it as "any information relating to an identified or identifiable individual". Under this definition, the person can be identified directly or indirectly by elements specific to his or her physical, genetic, physiological, mental, economic, cultural or social identity. As a result, the GDPR does not apply to companies that collect and process corporate data. However, they must not be handling the personal information of their representatives.
Objectives of the GDPR
Overall, the aim of this new regulation is to increase the protection of all European citizens against the malicious use of their personal data by influencing all business stakeholders. However, this goal can be divided into three main points:
- It strengthens people's rights;
- It empowers those who are responsible for the processing of data;
- It makes the regulation credible by enhancing cooperation between data protection authorities.
Who is affected by the GDPR?
The new reference text on the protection of personal data in the European Union applies to any processing of personal data of European citizens. Thus, any company, whether or not it is established in a Member State of the European Union, is concerned if it collects or processes personal data of European citizens. It is not only companies dealing with personal information that are concerned, but also:
- associations that collect personal information about their members and volunteers;
- local authorities, which "will have to adopt and update technical and organizational measures that allow them to guarantee and demonstrate at any time that they offer an optimal level of data protection" (CNIL);
- public legal entities (EPIC, EPA, hospitals, higher education, inter-municipal sector, etc.).
Among the basic requirements that the GDPR imposes on companies whose primary business is processing personal data is the designation of a DPO.
The DPO and its role
Appointing a DPO, known in French as the "Délégué à la Protection des Données" and in English as the "Data Protection Officer", is one of the main steps that each company should take to comply with the GDPR. This is set out in Articles 37 to 39 of the Regulation. The DPO is in fact the successor to the CIL (Correspondant Informatique et Libertés). This new "conductor" is therefore responsible for ensuring compliance with the new data protection rules. The DPO should be integrated into the IT security policy of the organization he or she works for.
In order to carry out these missions, the DPO has a duty to consider in particular the risks associated with the processing operations, according to the data processed and the way this information is handled. To do so:
- The DPO must inform and advise the data controller on his or her own initiative, and must therefore carry out awareness-raising and training activities;
- The DPO must also ensure that the European data protection regulation is respected in the company, by overseeing audits;
- The DPO should provide advice on request, especially with regard to the proper functioning of IAP;
- The DPO is responsible for managing interactions with the CNIL (or any other supervisory authority) and as such acts as a contact point.
In summary, the DPO plays a key role in the GDPR system. The DPO is an element of internal and external coordination. It is a dynamic and flexible function that goes beyond that of the CIL. For this reason, organizations must ensure the quality of their DPO's training so that the DPO is genuinely prepared to deliver the greatest benefit.
Why get DPO training?
Considering the sensitivity of this role, it is important to undergo DPO training to avoid certain problems for your company. This training allows you to understand the new personal data challenges introduced by the GDPR. You will also be able to master the key elements of concrete compliance, adapted to the new constraints and obligations. For those who wonder whether the regulation has specified a particular profile for a DPO: the GDPR does not detail the DPO's profile in Article 35, but states that the DPO must have "in-depth knowledge of data protection legislation and practices." As this is a new profession, it is difficult to identify and assess a DPO's skills. However, the CNIL has created a tool that makes things easier: a reference framework that lists the 17 key skills that a DPO may have. These skills are divided into three basic types of knowledge.
The DPO should have the capacity to advise on the development of data protection procedures and policies. To do so, the DPO must have a good command of corporate governance. In addition, he must be able to conduct a compliance audit and a manager.
Technical and IT knowledge
The DPO must have the necessary skills to execute requests for data modification and deletion, and has to establish "Privacy by Design" in the company.
The DPO should have expertise in data protection legislation and practices, acquired in particular through continuous training. However, the level of expertise should be adapted to the organization's activity and the sensitivity of the processing operations carried out. That is why the DPO can help the company draft data protection clauses when signing a contract. The DPO is the CNIL's point of contact and must be able to investigate any complaints.
You will acquire all of these skills through DPO training.
Do all companies need to appoint a DPO?
The regulation provides for three cases where a Data Protection Officer is required:
- where processing is performed by a public authority or public body (excluding the courts acting in their judicial capacity). Because the GDPR does not define what it means by an "authority or public body", the concept is defined according to the national law of each EU country;
- where the main activities of the company lead to large-scale processing of personal data;
- where the core business consists of large-scale processing of "sensitive" data. Examples include health data, biometric data, political opinions, religious beliefs, and data relating to crimes or offences.
As a result, it can be concluded that all e-merchants generally have a DPO.