Privacy officer

Since 25 May 2018, the European General Data Protection Regulation (GDPR) has been in force. This privacy law regulates the handling and processing of personal data. Within an organisation, the management is responsible for handling personal data and ensuring proper compliance with the GDPR. The management can be supported and advised by an employee with specific tasks. This person is often referred to as the Privacy Officer.

Duties of the Privacy Officer 

The Privacy Officer not only supervises the handling of personal data, but also has an advisory role. He or she advises employees on privacy-related issues and resolves them, keeping an organisational perspective. The Privacy Officer also provides training to increase internal knowledge about privacy.

In addition to informing and advising, the Privacy Officer is also responsible for drafting, evaluating and updating privacy policies and processing agreements. He or she also has a role in conducting a Data Protection Impact Assessment (DPIA) and in reporting data breaches. Finally, the Privacy Officer acts as a contact point for data subjects - individuals whose personal data is processed by the organisation - and the supervisory authorities.

Privacy Officer vs Data Protection Officer 

There is often confusion about the difference between a Privacy Officer (PO) and a Data Protection Officer (DPO). This is because the duties of the two officers are largely the same. The main difference is that some organisations, such as government bodies and those that process large amounts of personal data, are required by law to appoint a Data Protection Officer.

Like the PO, the DPO's role is to monitor compliance with data protection laws and to advise management. Unlike the PO's role, the DPO's role is defined by law. As a second-line function, it should be performed independently. To ensure the independence of the DPO, the role must be filled in accordance with certain requirements. These requirements do not apply to the role of Privacy Officer. On this page we explain what these requirements are, and whether your organisation needs a Data Protection Officer.

Appointing a Privacy Officer

Even if your organisation is not required by law to have a Data Protection Officer, it is advisable to appoint at least one employee as a point of contact for privacy and personal data. In this way, you will know that the risks to the organisation of failing to adequately protect personal data (reputational damage, fines) are covered. In this case, appointing a Privacy Officer is a good choice.

The role of Privacy Officer can be filled internally or externally. For practical reasons, large organisations may choose to appoint both a DPO and a PO.

Want to know more? 

Would you like advice on fulfilling the role of DPO or PO? Our consultants will be happy to advise you on privacy-related issues. They can also fulfil the role of (external) Privacy Officer or (external) Data Protection Officer.