Articles 37 to 39 of EU Regulation 2016/679 introduce the figure of the Data Protection Officer (DPO).
Professional personnel with specialized expertise in this area, appointed ad hoc by your company, will carry out the functions of the DPO, performing the following operations in compliance with the above-cited EU Regulation..
The DPO will:
- a) provide information and consultation to the data controller or processor and to employees entrusted with processing, as per the GDPR as well as other national or EU norms regarding data protection;
- b) supervise compliance with the GDPR as well as with other national or EU norms regarding data protection, and oversee the policies of the controller or processor responsible for protecting personal data, including the delegation of responsibility, promoting awareness, and training personnel who are involved in processing and the related control operations;
- c) when requested, provide opinions on impact assessments on data protection and supervise their execution as per Art. 35 of the GDPR;
- d) cooperate with the Italian Data Protection Authority;
- e) act as the contact person with the Data Protection Authority in matters regarding processing, including preventive consultation as per Art. 36, and when necessary provide consultation regarding other questions.