Frequently asked questions
Advantages of a DPO service contract
Compared to an in-house DPO, our specialist is more up to date on ever-changing data protection law and its practical enforcement, as well as on the latest developments in case law. Please refer to the comparison below:
Topics | Our expert | In-house DPO
Training costs | We pay | You pay
Legal information costs | We pay | You pay
Finding a replacement | You have no risk | Your risk
Employer liability | None | You are responsible
Attitude towards you as a data controller | Objective | Rather subjective
Role conflict | None | Very difficult to avoid
Experience in data protection | High | None
What does the DPO do?
Article 37 of the GDPR sets forth the requirements. The DPO must have expert knowledge of data protection already upon appointment, including earlier experience.
Academic education and additional training are a clear asset. In order to understand the data processing activities, the DPO must have prior contact with complicated IT systems.
In order to implement the GDPR and the relevant legislation in force in Estonia, the DPO must be proficient in law.
The main tasks of the DPO are set forth in Article 39 of the GDPR.
One of the main tasks of the DPO is to inform and advise the controller/processor and the employees who carry out the processing of their obligations. This includes informing the employees of internal rules and the due diligence obligation.
The DPO regularly revises the technical and organizational measures which the controller/processor takes for personal data protection purposes.
This includes access to personal data, portability, entry into the information systems and access control. The DPO also conducts regular audits.
The DPO supervises personal data protection first and foremost by technological means with the aim to ensure that the data subjects are properly informed and their rights protected.
This is important to ensure the data subjects’ rights of access, rectification, erasure, restriction of processing, portability and objection to processing, and their right to information.
The DPO liaises with Andmekaitse Inspektsioon (the Estonian Data Protection Supervisory Authority) and represents the controller/processor in case of breaches, e.g. an attack that targets the IT system, causes an unauthorized disclosure and infringes the rights of the data subjects.