Personal data privacy has become the utmost responsibility of every organization. Recognizing its importance, most countries are introducing their own data privacy acts. To name a few, Canada introduced PIPEDA in 2007, and the EU's GDPR became mandatory from 25th May 2018.
Article 37 of GDPR states that a Data Protection Officer is a mandatory role for every company that controls or processes the data of EU citizens. The Data Controller and the Processor are required to designate a DPO while processing information of a data subject.
Data Protection Officers, or DPOs for short, are part of the leadership team and work to educate a company and its employees on the importance of being compliant. They also train staff involved in data processing and conduct security audits from time to time.
DPOs are responsible for advising the management and employees on the obligations required by data privacy acts, including GDPR. As per Article 39 of GDPR, explicit tasks are defined for DPOs.
As per ISO’s anticipation, many countries and states will follow the path of the EU and come up with their own Data Privacy Acts. In January 2020, the state of California introduced the California Consumer Protection Act (CCPA). Many other nations are also developing their data protection acts and planning to implement them in the near future. For example, Brazil introduced the Brazilian General Data Protection Law (LGPD), India is preparing its Personal Data Protection Bill, 2019, the Chilean Constitution made the protection of personal data a constitutional right, and New Zealand has its new Privacy Bill, 2019.
ISO introduced ISO 27701:2019, also known as Privacy Information Management System (PIMS), to help organizations become compliant with and adhere to the requirements of such data privacy acts.
For small and medium-sized companies, affording a full-time DPO may not be possible, as these companies may not require large infrastructure and compliance programs to meet everyday requirements.
ARC Tech has best-in-the-industry experts who are certified as:
Our experts have helped multiple organizations perform gap analysis for GDPR/CCPA and ISO 27701. They meet the requirements of GDPR and Clause 6.3.1.1 of ISO 27701.