DPO, GDPR Certified!!!!
Be careful when choosing a partner such as a DPO-as-a-Service provider.
Since the beginning of December, a large number of people have been presenting themselves as DPOs.
You must be very careful: this is a key resource for your company and, if badly chosen, may put your company in danger given the challenges this person will have to meet in terms of corporate governance, information, advice, security, process, the rights of the person, and many more.
How can I be sure that I choose the right partner?
- Remember that the EU GDPR does not have a certificate in place, does not offer your company a seal ("Certified GDPR Compliant"), and does not grant any certificate.
- Verify the background of the partner: if the person or their company exists only for GDPR opportunities, be careful.
- Ban people or training companies that:
  - Don’t apply current communications law on their own website, starting with the basic legal cookie information.
  - Display "DPO Certified", "Certified GDPR Compliant" or other terms like these.
- Remember Articles 37 to 39 of the EU GDPR. Art. 37 § 5: The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfill the tasks referred to in Article 39.
- Verify that people who hold professional certifications are properly certified according to the ISO/IEC 17024:2012 standard, such as ISACA, IAPP and other certifications. If this is not the case, it is better to be careful.
Don’t forget that senior management remains accountable.
More information can be found in the WP29 Guideline about DPOs; see my post: GDPR Guideline and the Regulation.