Jobs in Personal Data Rights Management
Following the introduction of the European Union’s General Data Protection Regulation on May 25, 2018, came a range of new positions that companies need to assign in order to avoid violating the legislation and the financial sanctions that can follow.
There are four main roles that have been listed in the GDPR data privacy legislation.
The controller, or data controller, is the staff member or entity in a company or group who decides why data needs to be processed and how this will be carried out. There may be a number of data controllers or joint data controllers. For example, a company operating with a large headquarters and additional regional offices may see decisions taken at local and global levels in relation to how data will be processed.
In essence, the controller is the point of contact that will be responsible for all decisions taken in relation to the management and processing of personal data. In the event of a GDPR breach occurring, the controllers will be answerable to the relevant local Supervisory Authority.
A Data Processor is defined, by GDPR legislation, as a person or entity that processes personal data on behalf of the stated controller. A data processing agreement must be completed between the processor and controller in order for the processor to begin managing and processing data.
This is typically a third-party body. It is charged with seeing to it that all aspects of the data processing agreement are in place so that GDPR is not being breached and personal data is always kept in secure conditions.
Data Protection Officer (DPO)
Legally, a Data Protection Officer must be appointed in order to comply with GDPR. The DPO will oversee all aspects of personal data management and security strategy within an organization.
This position does not have to be a new hire. An existing member of staff may be appointed to the position and take over the responsibilities of the role. Typically, large companies will appoint a dedicated DPO while smaller companies, with lower budgets, will assign the tasks to an existing member of staff.
In essence, the DPO must see to it that all elements of the GDPR legislation are being adhered to in an organization. They will also take charge of ensuring that other members of staff are trained and knowledgeable in relation to GDPR.
Non-European Union-based companies must designate a GDPR Representative to act for them in the EU and ensure their compliance with GDPR. This individual will be the point of contact with the EU in relation to the personal data management of EU citizens.