1. The rôle of the Data
Protection Officer
Gavin Llewellyn
Senior Associate
Intellectual Property
President, IP Commission, Union Internationale des Avocats
The New EU General Data Protection Regulation
UIA, Madrid,18th April 2015
5. Articles 35 & 36
• To have the expert data protection
knowledge to fulfil the tasks set out in
Article 37
• Contact details to be published and lodged
with the NDPA
• Perform tasks independently and in the
absence of conflicts of interests
• Report directly to the highest management
level of the controller or processor
7. Article 37
• To inform and advise the controller or
processor and the employees who are
processing personal data of their
obligations
• To monitor the compliance and application
of policies on data management, including
staff training, awareness-raising and
assignment of responsibilities
8. Article 37
• To monitor and advise on the use of PIAs
(Article 33) and prior consultation (Article
34)
• To monitor responses to requests from the
NDPA
• To co-operate with and act as a contact
point for the NDPA
10. Importance of the DPO
How much work involved?
Full-time or part-time position?
Cost implications
Criteria for deciding who does and does not
need a DPO
12. Need to manage data like any business
process
Not just a box-ticking exercise
Identify personal data at an early stage
Part of overall risk assessment of an
organisation
Privacy enhancing technologies
Privacy as a brand differentiator