Role of the DPO
Role of the DPO
Under the GDPR, certain organisations are required to appoint a designated Data Protection Officer (DPO). UCD, as an organisation that undertakes its processing as a public authority / body is required to have a DPO (UCD DPO, email: (opens in a new window)gdpr@ucd.ie).
The DPO is a statutory independent role that facilitates data subjects in exercising their rights under the GDPR and the Irish Data protection Act 2018.
The DPO assists their organisation (controller or processor) in all issues relating to the protection of personal data. In particular, the DPO must:
-
- Inform and advise the controller or processor, as well as their employees, of their obligations under data protection law
- Monitor compliance of the organisation with all legislation in relation to data protection, including in audits, awareness-raising activities as well as training of staff involved in processing operations
- Provide advice on Data Protection Impact Assessments (DPIAs)
- Act as a contact point for requests from individuals regarding the processing of their personal data and the exercising of their rights
- Cooperate with the Data Protection Commission (DPC) and act as their organisation’s contact point for the DPC on issues relating to processing.
The organisation must involve the DPO in a timely manner. The DPO must not receive any instructions from their organisation (controller or processor) for the exercise of their tasks. The DPO reports directly to the highest level of management of the organisation.