Establish risk reporting structure

The data protection officer should assist the organization in establishing an enterprise risk management framework with reporting mechanisms (i.e. regular risk reporting and internal audit) as part of its data protection measures.


Manage personal data protection related queries and complaints

The DPO should develop processes for handling queries or complaints from the public. Under the access and correction obligations of the GDPR, a member of the public may request access to his/her personal data in the organization’s possession or make enquiries about the way his/her personal data has been used over the past years.


Monitor the organization’s compliance

The data protection officer is tasked with a very onerous and wide-ranging responsibility to deal with and monitor compliance across the data controller or processor organization.


Conduct a risk assessment exercise to flag any potential data protection risks, and put in place data protection policies to mitigate those risks

Review data protection risks within your organization and come up with mitigating measures to address these issues. For example, your organization may wish to consider carrying out regular internal audits to ensure that its processes adhere to the data protection laws. In the case of a breach, your organization should also have processes and measures in place to respond to such situations.


Map out the organization’s personal data inventory

Review your organization’s data management framework and processes to align them with the data protection laws, for example, determining how, when and where your organization collects personal data, the purposes for the data collection, and ensuring that consent has been obtained for the collection, use and disclosure of the data.


Policy, Protocols and Procedures

The MeD has essential functions that consist of developing, approving, and updating the general institutional policy, protocols, and procedures. Moreover, the MeD must ensure that adequate implementation of these processes is achieved according to predefined standards.
