Role of the DPO
About
- Key Terminology of GDPR
- Personal Data Incident & Breach Management
- Data Protection Principles & Applications
- Six Legal Bases for Processing – GDPR Article 6
- Data Subject Rights
- Processing Special Category Personal Data – GDPR Article 9
- International Data Transfers
- Personal Data & Scientific Research
- Research Using Health Related Personal Data
- Data Privacy & Security Training
- Data Protection and its Scope
- Data Protection Obligations of the University
- Role of the DPO
Role of the DPO
Under the GDPR, certain organisations are required to appoint a designated Data Protection Officer (DPO). UCD, as an organisation that undertakes its processing as a public authority / body is required to have a DPO (UCD DPO, email: gdpr@ucd.ie).
The DPO assists their organisation (controller or processor) in all issues relating to the protection of personal data. In particular, the DPO must:
- inform and advise the controller or processor, as well as their employees, of their obligations under data protection law
- monitor compliance of the organisation with all legislation in relation to data protection, including in audits, awareness-raising activities as well as training of staff involved in processing operations
- provide advice on Data Protection Impact Assessments (DPIAs)
- act as a contact point for requests from individuals regarding the processing of their personal data and the exercising of their rights
- cooperate with the Data Protection Commission (DPC) and act as their organisation’s contact point for the DPC on issues relating to processing
The organisation must involve the DPO in a timely manner. The DPO must not receive any instructions from their organisation (controller or processor) for the exercise of their tasks. The DPO reports directly to the highest level of management of the organisation.