To become a data protection officer, it is recommended to undergo appropriate training and acquire a DPO certificate
The Data Protection Officer (DPO) is a relatively new position for many companies. Its role and responsibilities are given by the Brazilian General Data Protection Regulation (GDPR), in force since August 2020.
The GDPR requires some companies to appoint a DPO, which ended up creating a demand in the market for individuals with proven knowledge and experience to act in the role. For small businesses, the responsibilities of a data protection officer can be added to those of an existing employee. For larger organizations, a full-time position is often created.
Generally speaking, the DPO is a data protection expert who is responsible for advising an organization on how to comply with legal requirements regarding data processing, as well as investigating violations and responding when individuals have questions and/or complaints.
According to paragraph 2 of the Brazilian GDPR, the DPO’s activities consist of:
I – to accept complaints and communications from the data subjects, provide clarifications, and adopt measures;
II – to receive communications from the national authority and adopt measures;
III – provide support and guidance to the company on procedures related to the protection of personal data;
IV – to execute the other attributions determined by the controller or established in complementary norms.
There is no specific qualification for an individual to become a data protection officer, but he or she must have specialized knowledge of the regulation and practical experience in the role. In addition, the DPO must not have any current duties and responsibilities that may conflict with his or her data protection responsibilities.
To become a data protection officer, it is recommended to undergo appropriate training and acquire a DPO certificate. The courses will help you understand all the technical requirements of the GDPR and give you the experience to face the tasks of the profession. Two certifications at the international level stand out: EXIN and IAPP.
In addition to a strong understanding of the General Data Protection Regulation, the DPO needs to have good communication skills, as he or she will work guiding a company’s staff, as well as answering questions from others and mediating communication with the national authority.
The GDPR does not specify whether the data protection officer should be an individual or a company. It is possible, therefore, to hire the DPO as a service. Here at Pryor Global, we offer DPO outsourcing, so that a highly qualified and experienced professional can act within your company. Contact us for more information.