Emerging in particular with the entry into force of the General Data Protection Regulation (GDPR) in 2018, the job of DPO or Data Protection Officer is increasingly sought after in companies.
But who is he exactly? What is his field of action, the studies he has to follow or his salary? Answers in this article.
👉 This article is part of a series of articles deciphering the different businesses that make up legaltech.
What is a DPO?
The Data Protection Officer (DPO) is responsible for assisting organisations in their GDPR compliance process.
The DPO must ensure that the measures laid down in the Regulation are properly applied and that the handling and processing of personal data are secure.
He or she is, in a way, the conductor of data protection and data processing within an organisation.
To fully understand the challenges of the data protection officer's job, it is first necessary to go back to the GDPR.
What is the GDPR?
The General Data Protection Regulation (GDPR) came into force on 25 May 2018. This European text governs the use of personal data and regulates their circulation.
Since its implementation, the roll-out of the GDPR has led to a real increase in public awareness of the dangers of data manipulation.
It is particularly since the appearance of the GDPR that each site must ask for permission to use cookies. By accepting these, you authorise the owner of the site to obtain information about your visit. This allows the site owner to collect information about the habits of visitors to the site and to analyse the results. It also allows them to personalise your own experience on the site. If you refuse, your connection data (such as the time you spent on the site or the pages you visited) remain personal.
There is a public body that ensures that the conditions set out in the regulation are applied in companies, organisations and administrations.
This is the Commission Nationale de l'Informatique et des Libertés (CNIL).
In addition to its role as a whistleblower, the CNIL has the power to control and sanction.
The latest penalty applied by the CNIL amounts to a total of 150 million euros following a breach by the computer giant Google.
Who is the Data Protection Officer?
The DPO is at the same time the informant, the advisor and the controller of data handling. He or she is responsible for guiding the organisation's teams towards sound use of data in accordance with the obligations laid down by the GDPR.
Consequently, the person who performs this function must have good interpersonal skills in order to facilitate exchanges with the teams, raise their awareness and train them.
The DPO also acts as a controller of compliance with the obligations of the Regulation.
The Data Protection Officer has the duty to ensure that the conditions relating to fundamental rights and freedoms are respected when processing the information collected.
To do this, the DPO must make an inventory of the processing activities carried out by the organisation, analyse the mechanisms in place in the organisation and establish internal rules to remedy bad practices.
The DPO is also the intermediary with the supervisory authority and acts as a contact point with the latter in case of consultation.
💡 Did you know? In 2020, 85% of companies had compliance systems in place, but almost 60% were only partially up to date with their obligations. This is the conclusion of a study on the state of compliance and anti-corruption in companies, conducted by the French Association of Corporate Lawyers (AFJE) and Ethicorp.
What training is required to become a DPO?
The profession of DPO is not a regulated profession, and there is no compulsory training to exercise this function. Neither the GDPR nor the CNIL prescribes specific training to become a DPO.
However, this does not mean that just anyone can do this job. It must be a qualified person.
The position requires advanced skills in data protection law and IT data management.
The choice of course is free, as this is a recent profession, and there is currently no course specifically devoted to the exercise of the DPO profession.
However, it would be wise to focus on legal studies and specialise in IT in order to consolidate the skills required for the job. Law and digital data management are the pillars of the DPO function.
As the demand for DPOs is rising sharply, many public and private training courses should be set up in the future to train students for this profession.
For the time being, there are only specialisation courses available at the end of the initial course or during the course of professional activity.
What is the job description of the DPO?
The DPO oversees the compliance of the data processing implemented by the organisation that appoints him/her. In this capacity, the DPO must:
🧑✈️ Drive:
- Supporting organisations in their GDPR compliance
- Supervising data protection impact assessments
- Contributing to the deployment of new data processing tools and methods
- Mapping out the processing operations and establishing the mandatory register
👨💻 Do :
- Legal watch on data protection
- Technology watch to anticipate new practices that may lead to compliance concerns
- Integrating new regulatory and doctrinal developments and adapting the organisation's internal process to them
🧠 Inform and advise:
- By analysing the needs of each branch of the organisation
- Training teams in the procedures to be followed through workshops, presentations or deliverables
- Alerting, if necessary, the manager or subcontractor to any failure to comply with regulations in the application of internal processes
- Raising awareness of the risks of non-compliance and the importance of good practice in data processing
🕹️ Check:
- Compliance with the GDPR
- The establishment of liability documentation
- Constantly collaborating with the CNIL (he is the person in charge during controls)
The salary of the DPO
The monthly income of the Data Protection Officer varies according to the sector of activity.
The salary of a DPO ranges from €3750 gross to €6667 gross per month, with a median salary of €5209 per month.
Software for DPOs
Developed using the latest innovative technologies, software exists to support organisations in their GDPR compliance.
These are intuitive, ergonomic solutions that make it easy to protect personal data and that are constantly adapted to CNIL regulations.
These legaltechs thus make it possible to automate the legal service and data processing with the help of a DPO.
Tools recommended by DPOs include Data Legal Drive, Captain DPO, Consent Manager or Compliance Booster.
In order to avoid sanctions, it is in the interest of organisations to comply with the GDPR.
As this process proves difficult in some situations, a large majority use the services of a DPO as well as legaltechs specialised in the processing of personal data.
How does the use of contract management software such as Hyperlex enable compliance with the GDPR?
Hyperlex is a contract management solution. It centralises all of your company's contracts on a single platform, accessible by your employees from any location at any time.
This technology is a major ally in your GDPR compliance. It is itself compliant with the regulation and allows you to:
- Automatically identify all data in your contracts that are affected by the GDPR. No more hours spent manually checking all your documents.
- Quickly determine whether your contracts are GDPR compliant.
- Avoid errors or omissions that could be very costly if your company is audited by the CNIL.