Data Protection Officer

By | Friday July 31st, 2015

The controller and the processor shall designate, where applicable, a Data Protection Officer (DPO) on the basis of professional qualities and, in particular, knowledge and experience of data protection law and practices, and ability to fulfil the assigned tasks.

The controller (or the processor) shall ensure that the Data Protection Officer is involved properly and in a timely manner in all issues related to the protection of personal data, and is able to perform the duties and tasks independently.

The DPO shall report directly to the executive management member of the controller who is responsible for compliance with the EU Data Protection Regulation. The Data Protection Officer may be employed by the controller or processor, or fulfil his or her tasks on the basis of a service contract.

The controller (or the processor) shall communicate the DPO’s name and contact details to the supervisory authority and to the public: data subjects shall have the right to contact the Data Protection Officer on all issues related to the processing of their data and to request exercising the rights under the EU Regulation.

The controller (or the processor) shall support the DPO in performing the tasks and shall provide all means, including staff, premises, equipment and any other resource needed to carry out the duties and tasks assigned, and to maintain his or her professional knowledge.

The DPO, in exercising his or her role, must ensure the confidentiality and secrecy of the data subjects’ identities and information, unless released from that obligation by the data subject.

The DPO’s mission should include, at least, the following tasks:

  • to create awareness, by informing and advising the controller or the processor of their obligations pursuant to the EU Regulation, and of the related technical and organisational measures and procedures needed
  • to monitor the implementation and application of the policies in relation to the protection of personal data, including the assignment of responsibilities, the training of staff involved in the processing operations, and the related audits
  • to monitor the implementation of the requirements related to data protection by design, data protection by default and data security
  • to monitor the documentation, notification and communication of personal data breaches
  • to monitor the response to requests from the supervisory authority, and to co-operate with the supervisory authority at the latter’s request or on the Data Protection Officer’s own initiative
  • to act as the contact point for the supervisory authority on issues related to data processing, and consult with the supervisory authority, if appropriate, on his/her own initiative.

About Mariangela Fagnani

Mariangela Fagnani is a Senior ICT Security Consultant at Sernet. She graduated in Mathematics and has more than 35 years of experience in Information Technology, including 33 years at IBM Italy. At IBM, she held several positions in application development, IT operations and services. During her career she gained deep knowledge of Information Security through projects and engagements with many customers in Italy and across Europe, acting as Consultant, Security Services Practice leader for Italy and Security Offering Manager at Europe level. She has spoken at conferences and clients’ workshops to promote IBM security solutions, innovation and vision through success stories, significant project experiences and marketing events. She is CISA certified and an ISO27001 Lead Auditor. She is a Board Member of Clusit, a member of AIEA, an honorary member of Itasforum, and a member of Oracle Community for Security.
