Privacy of personal data is becoming a responsibility of every organization, and countries are responding with data privacy legislation. Canada enacted PIPEDA in 2000 (fully in force by 2004), and the EU's GDPR has applied since 25 May 2018. Under Article 37 of the GDPR, designating a data protection officer (DPO) is not mandatory for every company that handles personal data. It is mandatory where the processing is carried out by a public authority or body, where the core activities of the controller or processor consist of regular and systematic monitoring of data subjects on a large scale, or where the core activities consist of large-scale processing of special categories of data or of data relating to criminal convictions and offences. The obligation falls on controllers and processors alike, and the GDPR protects data subjects in the EU, not only EU citizens.
Article 39 of the GDPR sets out the DPO's tasks: informing and advising the controller or processor and its employees of their obligations under the GDPR and other data protection laws; monitoring compliance, including the assignment of responsibilities, awareness-raising, training of staff involved in processing operations, and the related audits; advising on data protection impact assessments; cooperating with the supervisory authority; and acting as its contact point. Article 38 requires that the DPO be involved in all issues relating to the protection of personal data, report directly to the highest management level, and not be dismissed or penalised for performing these tasks.
Other countries and states have followed the EU's lead with privacy laws of their own. The State of California passed the California Consumer Privacy Act (CCPA), Brazil enacted the Lei Geral de Proteção de Dados (LGPD), India has drafted a Personal Data Protection Bill, Chile amended its constitution to make protection of personal data a constitutional right, and New Zealand's Privacy Bill replaced its 1993 Act as the Privacy Act 2020. To help organizations meet these obligations within a single management system, ISO published ISO/IEC 27701:2019, the Privacy Information Management System (PIMS) standard, which extends ISO/IEC 27001 and ISO/IEC 27002 with privacy-specific requirements and guidance.
Small and medium-sized companies often cannot justify a full-time DPO, and usually do not need one: without a large infrastructure or a large compliance programme, the day-to-day workload does not fill a full-time role. The GDPR allows for this. Under Article 37(6) the DPO may be a staff member or may fulfil the tasks on the basis of a service contract, so the role can be outsourced, and under Article 37(2) a group of undertakings may appoint a single DPO, provided the DPO is easily accessible from each establishment.
PMG has highly experienced industry experts, certified as:
Our experts have helped multiple clients perform gap analyses against the GDPR, the CCPA and ISO/IEC 27701. An outsourced DPO provided by PMG fulfils the designation requirement of Article 37 of the GDPR and the requirements of Clause 6.3.1.1 of ISO/IEC 27701 on information security roles and responsibilities.