Privacy: how to choose the data protection manager. The directions from the Privacy Authority
Edited by Damiana Lesce and Valeria De Lucia
The Guarantor of Privacy has provided some guidance regarding appointment of the Data Protection Officer (DPO). The DPO is a new important figure introduced by EU Regulation 2016/679, which all public bodies and also many private entities will have to designate by May 2018.
In particular, the Guarantor states that the Data Protection Officer must have a thorough knowledge of privacy laws and practices as well as administrative rules and procedures. They will have to be selected subjects with professional qualities appropriate to the complexity of the task to be performed. Current legislation does not require applicants to possess formal certificates of professional competence or the establishment of a Data Protection Officers file. However, such attestations may be a useful tool for assessing an adequate level of knowledge of the discipline without being allowed to carry out the DPO role.
Therefore, public and private bodies will have to select the DPO, by independently assessing the possession of the requisites required to carry out the tasks assigned. The Guarantor reserves the right to provide further guidance, which will be published on the institutional website, including the outcome of the questions and requests for further information by companies and the Public Administration.