The EU General Data Protection Regulation makes it mandatory for all public authorities and bodies to have a Data Protection Officer (DPO) from May 25, 2018. A DPO is tasked with ensuring compliance with the General Data Protection Regulation through advice and guidance.
For many educational institutions, the number of tasks assigned to the DPO are not sufficient to warrant the appointment of a local DPO. Many educational institutions also lack experience in implementing the new regulation. Therefore, DKCERT is establishing a DPO service. The service will provide DPO services to those universities and educational institutions who do not wish to hire their own DPO, or who need advice with the implementation of the DPO role.
Using the DKCERT DPO Service provides the institution with:
- Knowledge of the latest practices and interpretations of the regulation as seen by educational and research institutions in the EU. This is accomplished through DKCERT participating in a pan-European GÉANT task force on the regulation.
- A resource-efficient DPO service tailored to the needs of each individual institution, including the extent and nature of personal data processing within the organization.
Services supporting the DPO role
For institutions who wish to hire a local DPO, DKCERT offers a range of services that may ensure a smooth implementation of the DPO role at the institution. DKCERT can thus:
- Advise on establishing a local DPO. This includes handling challenges in relation to independence and conflict of interest.
- Develop tools for use by the local DPOs, such as a Data Protection Impact Assessment template.
- Support the implementation of the General Data Protection Regulation.
- Participation in a knowledge-sharing network for the development of the DPO role at universities.
Services for institutions who do not wish to hire a local DPO
The DKCERT DPO Service may be used by educational institutions that:
- Have a limited amount of processing of personal data.
- Want an external DPO to ensure independence.
- Are uncertain of the size of the assignment.
- Are in a transition period in relation to the assignment.
For such institutions DKCERT can handle the DPO role. This includes:
- Handling the role of an independent DPO.
- Managing ongoing challenges and dilemmas with personal data.
- Helping organize processes that comply with the General Data Protection Regulation in the processing of personal data.
- Supporting compliance with the General Data Protection Regulation.
- Acquiring knowledge and best practices from the implementation and interpretation of the General Data Protection Regulation by other European member states, for instance regarding the use of consent.
Head of DKCERT Henrik Larsen or DPO Susanne Ketil Groth for more information about the DPO service.