Emerging in particular with the entry into force of the General Data Protection Regulation (GDPR) in 2018, the job of DPO or Data Protection Officer is increasingly sought after in companies.

So who exactly is he? What’s his field of action, what studies does he have to complete, and how much does he earn?

What is a DPO?

The Data Protection Officer (DPO) is tasked with supporting organizations in their GDPR compliance process.

The DPO must ensure that the measures set out in the regulation are properly applied, and that the procedures for handling and processing personal data are secure.

In a way, he’s the orchestra conductor for data protection and processing within an organization.

To fully understand what's at stake in the job of data protection officer, we first need to go back to the GDPR.

What is the GDPR?

The General Data Protection Regulation (GDPR) came into force on May 25, 2018. This European text governs the use of personal data and frames its circulation.

Since it took effect, the GDPR has led to real public awareness of the dangers of data manipulation.

The cookie example

It is particularly since the advent of the GDPR that every site must request permission to use cookies.

By accepting cookies, you authorize the site owner to obtain information about your visit to the site, enabling them to gather information about your browsing habits and analyze the results. This also makes it possible to personalize your own experience on the site in question.

If you refuse, your connection data (such as the time you spend on the site or the pages you visit) remains personal.

There is a public body that ensures that the conditions laid down in the regulations are applied in companies, organizations and administrations.

This is the Commission Nationale de l’Informatique et des Libertés (CNIL).

In addition to its role as a whistleblower, the CNIL has powers of control and sanction.

The latest penalty applied by the CNIL amounts to a total of 150 million euros following a breach by IT giant Google.

Who is the Data Protection Officer?

The DPO is at once the informant, the advisor and the person responsible for data processing. He or she is responsible for guiding the organization’s teams towards sound use that complies with the obligations laid down by the GDPR.

Consequently, whoever performs this function must have good interpersonal skills in order to smooth exchanges with teams, raise their awareness and train them.

The DPO also monitors compliance with the obligations of the regulation.

The Data Protection Officer’s duty is to ensure that conditions relating to fundamental rights and freedoms are respected when processing the information collected.

To this end, he or she must draw up an inventory of the processing activities carried out by the organization, analyze the mechanisms in force within the organization and establish internal rules to remedy bad practices.

The DPO is also the intermediary with the supervisory authority, and acts as a point of contact with the latter in the event of consultation.

Did you know?

In 2020, 85% of companies had compliance systems in place, but nearly 60% were only partially up to date with their obligations.

These are the findings of a study on the state of compliance and anti-corruption in companies, carried out by the Association Française des Juristes d’Entreprise (AFJE) and Ethicorp.

What training do I need to become a DPO?

The DPO profession is not a regulated one: there is no mandatory training to exercise this function. Neither the GDPR nor the CNIL defines a precise training path to become a DPO.

Nevertheless, this does not mean that just anyone can exercise this profession. It must be a qualified person.

The position requires advanced skills in personal data protection law and IT data management.

As this is a new profession, there are currently no courses specifically dedicated to the DPO.

However, it would be wise to focus on legal studies and to specialize in IT in order to consolidate the skills required for the position. Law and digital data management are the pillars of the DPO function.

With demand for DPOs on the rise, many public and private training courses are likely to be set up in the future to train students in this profession.

For the time being, there are only specialization courses available at the end of the initial course or during the course of professional activity.

What is the DPO’s job description?

The DPO oversees the compliance of data processing carried out by the organization that appoints him/her. As such, the DPO must:

✈️ Pilot:

  • Supporting organizations in their GDPR compliance efforts
  • Overseeing data protection impact assessments
  • Contributing to the deployment of new data processing tools and methods
  • Mapping processing operations and drawing up mandatory registers

Carry out:

  • A legal watch on data protection
  • A technology watch to anticipate new practices that may lead to compliance concerns
  • The integration of new regulatory and doctrinal developments, and the adaptation of the organization’s internal processes to them

Inform and advise:

  • By analyzing the needs of each branch of the organization
  • By training teams in the procedures to be followed through workshops, presentations or deliverables
  • By alerting, if necessary, the manager or subcontractor to any failure to comply with regulations in the application of internal processes
  • By raising user awareness of the risks of non-compliance and the importance of good data processing practices

Control:

  • Compliance with the GDPR
  • By drawing up liability documentation
  • Through constant collaboration with the CNIL (he is the person in charge during inspections)

The DPO’s salary

The monthly income of a Data Protection Officer varies according to the sector of activity.

A DPO’s salary ranges from €3750 gross to €6667 gross per month, with a median salary of €5209 per month.

Software for DPOs

Software developed using the latest technologies exists to support organizations in their GDPR compliance.

These are intuitive, ergonomic solutions that make it easy to protect personal data and are constantly adapted to CNIL regulations.

These LegalTechs thus make it possible to automate the legal department and data processing with the help of a DPO.

Tools recommended by DPOs include Data Legal Drive, Captain DPO, Consent Manager and Compliance Booster.

To avoid sanctions, organizations have an interest in complying with the GDPR.

As this process proves difficult in certain situations, a large majority use the services of a DPO as well as LegalTech specializing in personal data processing.

How does using a CLM (contract management) solution keep you compliant with the GDPR?

DiliTrust’s CLM solution centralizes all your company’s contracts on a single platform, accessible by your employees anywhere, anytime.

This technology is a major ally in your GDPR compliance. Its own compliance with the regulation makes it possible to:

  • Automatically identify all GDPR-relevant data in your contracts. No more hours spent manually checking all your documents.
  • Quickly determine whether your contracts are GDPR compliant.
  • Avoid errors or oversights that could be very costly if your company is audited by the CNIL.
