SBS - The Best Value in QMS software

GDPR - Is it really necessary for the DPO(s) to be knowledgeable to Data Privacy Law?

#1
Hi! I just want to ask on how many DPO should a company have, is there a minimum or maximum number?

Is it really necessary for the DPO(s) to be knowledgeable to Data Privacy Law? or at least the person to be the DPO has knowledge to data privacy? e.g. ISMS
 
Elsmar Forum Sponsor

Raffy

Quite Involved in Discussions
#2
Some organization in the Philippines has one appointed DPO (Data Protection Officer) and several COP (Compliance Officer for Privacy).
A DPO is accountable for ensuring compliance with applicable laws and regulations for the protection of data privacy and security.
If the DPO is not knowledgeable about the Data Privacy Law, how will he monitor the compliance of the organization with the Data Privacy Act, Its Implementing Rules and Regulations, issuances by the National Privacy Commission.
Hope this helps.
Best,
Raffy
 

TomaszPuk

Starting to get Involved
#3
From EU GDPR perspective you have to assign Data Protection Officer only in the following cases (GDPR Article 37):

"(a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
(b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
(c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.
" GDPR


So in case you operate under GDPR the answer to your question about number of DPO would be from 0 to at least one. In case, the organization does not have to assign it, I would still suggest to make your Information Security Officer aware of these responsibilities.

Re- your questions if such a person should be knowledgeable about applicable privacy regulations - I think s/he should. The scope of regulations very much depends on company's business model and where it offers its services (e.g. .Cloud) but you have to understand the data privacy implications for your business.
E.g. there are some requirements in GDPR which are quite specific (records of processing activities, contracts with processors etc.) that such a person should be aware of.
 

Ian_Morris

Involved In Discussions
#4
In short, if you have a DPO they do need to be knowledgeable about not only about the law, but about the systems in place within the company.

If you have determined that a DPO is necessary for your company (doesn't matter if this is voluntary or if you fall under the requirements) it is necessary for them to be able to demonstrate that they have the competence to execute the role (similar to the need for a Money Laundering
Reporting Officer to have necessary competence). This is because they will have legal responsibility for the effectiveness of your systems to ensure compliance with GDPR.

I appreciate that you are in the Philippines, but the UK regulator site has some exceptional advice around data protection that will be compliant with GDPR (www.ico.org.uk)
 
Thread starter Similar threads Forum Replies Date
Ed Panek GDPR in Urgent Healthcare Setting Other ISO and International Standards and European Regulations 1
M GDPR - Is anonymizing sufficient to address right to erasure? Medical Information Technology, Medical Software and Health Informatics 3
C How medical device manufacturers are implementing standards like GDPR and HIPAA Other ISO and International Standards and European Regulations 5
D HIPAA and GDPR applies? Medical therapy device ISO 13485:2016 - Medical Device Quality Management Systems 0
MrTetris GDPR - Purposes and duration of data collection Other ISO and International Standards and European Regulations 8
MrTetris GDPR - General Data Protection Regulation - Only applicable to EU data? Other ISO and International Standards and European Regulations 6
Marc Privacy Policy - EU GDPR Compliance - 1 December 2018 Elsmar Cove Forum ToS and Forum Policies 0
L Implementation of ISO 27001 as part of the GDPR compliance journey Other Medical Device Related Standards 2
F DPA 2018 & GDPR 2016 EU Medical Device Regulations 1
M GDPR - Data portability and Data Deletion EU Medical Device Regulations 6
Q GDPR consulting service for Medical device Company EU Medical Device Regulations 0
L GDPR scope - "Personal data" definition - General Data Protection Regulation EU Medical Device Regulations 5
S GDPR (General Data Protection Regulation) - My company is ISMS certified IEC 27001 - Information Security Management Systems (ISMS) 3
Marc GDPR - EU Directive 2016/679 and the Elsmar Cove Discussion Forum Elsmar Cove Forum ToS and Forum Policies 3
W EU GDPR General Data Protection Regulation - What we need to update for our QMS EU Medical Device Regulations 14
T GDPR impact on ISO 9001 and Quality ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
T GDPR - General Data Protection Regulation (EU and UK 2018) Other ISO and International Standards and European Regulations 7
D Is PMCF really a continuous activity per Annex XIV,Part B? EU Medical Device Regulations 5
N IPC-A-630 - Is this free or do i really need to pay for it? Manufacturing and Related Processes 4
A Touch current in single fault conditions test and earth leakage current in normal conditions test, are they really different tests? IEC 60601 - Medical Electrical Equipment Safety Standards Series 9
D As a newcomer to QMS, I really appreciate how ISO is set up. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
E Is it possible to start an ISO 9001 QMS from scratch (Really) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
W Is the RPN (risk priority number) in the PFMEA really a RPN without the detectability ISO 14971 - Medical Device Risk Management 4
H CQA Exam - Do I really have to go five hours without a drink? Professional Certifications and Degrees 4
DMLqms Medical Device Expiry Date or Manufactured date - really? Other Medical Device and Orthopedic Related Topics 1
I Is risk acceptability really needed if all risks must be reduced as far as possible? ISO 14971 - Medical Device Risk Management 6
Q Really do they add value (Vision, Mission, Values)? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
Q Do we really need a traditional Quality Manual? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
J ISO 17025 testing laboratory - Receiving lab supplies - What really needs a C of A? ISO 17025 related Discussions 2
Q Is Medical Device 510(k) exempt or not really exempt? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
Marc What Airlines Really Charge (In 1 Simple Table) Travel - Hotels, Motels, Planes and Trains 6
H Is 5S really that good? Lean in Manufacturing and Service Industries 34
P What is a QMS (Quality Management System), really? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
Chennaiite Do Attribute Control Charts really help? Statistical Analysis Tools, Techniques and SPC 9
K Customer Audit - Just a positive rant really General Auditing Discussions 2
M "Value", A product that really meant something to you Coffee Break and Water Cooler Discussions 15
WEAVER Is GR&R really practical for a Measurescope? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 12
Jim Wynne A Lame Phishing Email--Are we Really This Gullible? After Work and Weekend Discussion Topics 16
J Does a Lower Thermostat Setting really save Energy? Coffee Break and Water Cooler Discussions 11
AnaMariaVR2 What Do Flight Attendants Really Think of You? Travel - Hotels, Motels, Planes and Trains 0
N Does Debt Consolidation Really Help Your Credit Score? Coffee Break and Water Cooler Discussions 7
L CE Mark - but not really. What are consequences? CE Marking (Conformité Européene) / CB Scheme 3
T The best way to pull some meaningful stats from a really big project? Using Minitab Software 3
L Do I really need to be AS9100 certified? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 12
B Is Immediate Action really necessary before a Corrective Action? Nonconformance and Corrective Action 7
B Is accreditation to ISO 17025 really necessary? ISO 17025 related Discussions 15
V Really Urgent: Error in Minitab Using Minitab Software 8
R What does the Programmable Electrical Medical System really mean? IEC 60601 - Medical Electrical Equipment Safety Standards Series 6
J Are these things really required in a document control procedure? Document Control Systems, Procedures, Forms and Templates 17
B What Have They Done to AS9101? Was this really necessary? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 23

Similar threads

Top Bottom