Being the spider in the web and having access to a broad network of experts, a DPO is critical in building a highly trustworthy brand through privacy.
Under the GDPR, a Data Protection Officer (DPO) may be mandatory within your organization. The GDPR attributes plenty of admirable characteristics to the DPO: the DPO should be knowledgeable, compliance-driven, independent and a person of integrity. The DPO should be trained appropriately and report independently to the board. But in daily life, what does a DPO do and why do you want one?
The DPO is an independent function that keeps track of privacy within your organization. This means the DPO will have a complete overview of the personal data that is processed within your organization. As a result, he or she will be the spider in the web of your organization. This makes it easier to assess the privacy risks facing the organization and determine effective controls to mitigate these risks.
Conversely, being at the center of privacy activities, the DPO is in the perfect position to achieve the required change within your organization and advise employees and departments on new ways of working. The DPO can raise awareness of privacy and motivate employees to adjust their ways of working where needed.
When you hire a DPO externally, he or she will never come alone. An external DPO brings previous experience. Usually, DPOs have experience in a specific sector or at organizations of a comparable size to yours. An external DPO is also connected to a network of experts. Experts in the fields of cyber security, cloud security, legal or software development prove to be useful in specific cases where your organization requires specific advice. Hiring a DPO externally gives your organization access to this network of experts.
Hiring a DPO will help your organization to achieve the required change. Being the spider in the web and having access to a broad network of experts, a DPO is critical in building a highly trustworthy brand through data privacy. A DPO may be required to comply with the General Data Protection Regulation (GDPR), but is most of all critical to the long-term success of your organization by maintaining a trusted relationship with your customers and your employees. KPMG has the right people to function as your external DPO, a service we call 'DPO-as-a-service'.