Conduct internal audit to monitor data protection policies
Data protection officer should assist organization to conduct an internal audit to monitor and evaluate the overall implementation of their data protection policies and processes.
Establish risk reporting structure
Data protection officer should assist the organization to establish an enterprise risk management framework with reporting mechanisms (i.e. regular risk reporting and internal audit) as part of their data protection measures.
Review organization’s data protection policies and practices
Data protection officer should review their data protection policies and practices to enable them to identify data protection gaps and the appropriate remedies.
Notify stakeholders on changes to data protection policies and practices
Data protection officer should keep stakeholders apprised of the changes to their policies or practices as part of their training and communication plan. An organization’s data protection policies and practices should be accessible.
Manage personal data protection related queries and complaints
DPO should develop processes for handling queries or complaints from the public. Under the access and correction obligations of the GDPR, a member of the public may request access to his/her personal data under the organization’s possession or make enquires about the way his/her personal data has been used over the past years.
Monitor the organization’s compliance
The data protection officer is tasked with a very onerous and wide-ranging responsibility to deal with and monitor compliance across the ranging to deal with and monitor compliance across the data controller or processor organization.
Keep your employees informed of internal personal data protection processes and policies
Conduct a briefing to inform your employees of the obligations under the GDPR. Ensure that they are aware of any new developments, as well as any existing laws and contracts that may affect the personal data under your organization’s care.
Conduct a risk assessment exercise to flag out any potential data protection risks, and put in place data protection policies to mitigate those risks
Review data protection risks within your organization and come up with mitigating measures to address these issues. For example, your organization may wish to consider carrying out regular internal audits to ensure that its processes adhere to the data protection laws. In the case of a breach, your organization should also have processes and measures in place to respond to such situations.
Map out organization’s personal data inventory
Review your organization’s data management framework and processes to align them with the data protection laws, for example, determining how, when and where your organization collects personal data, the purposes for the data collection, and ensuring that consent has been obtained for the collection, use and disclosure of the data.
Policy, Protocols and Procedures
The MeD has essential functions that consist of developing, approving, and updating the general institutional policy, protocols, and procedures. Moreover, the MeD must ensure that adequate implementation of these processes is achieved according to predefined standards.
