One month to GDPR compliance deadline! The General Data Protection Regulation will come into force in exactly a month, on May 25th. By then, companies that meet certain conditions must have designated a Data Protection Officer (DPO). A data protection officer is a security leadership role in charge of the data protection strategy and of monitoring compliance with the European regulation. RedSocks Security will give you a glimpse of the role of this new collaborator.
Who is the Data Protection Officer?
The DPO’s designation and position are addressed under Articles 37 and 38 of the GDPR, which leave considerable room for interpretation. There is no specific legal requirement regarding academic and/or professional background, even though some trends seem to have been set:
- Legal: lawyers and legal counsels, sometimes with an IT background, are most likely to be considered for this position.
- IT: technical collaborators such as the CTO, CISO or Security Officers have been seen adding data protection tasks to their agenda.
- Business professionals, especially consultants, seem to be developing their skills to take the DPO position.
Furthermore, more than half of current Data Protection Officers share their time between this role and another one within a company.
What does a Data Protection Officer do?
In this regard, Article 39 of the GDPR lists the following tasks:
- Educate, train, inform, advise
- Monitor compliance
- Cooperate with supervisory authority
- Conduct audit
- Maintain comprehensive records
- Risk assessment
- Crisis management
Most importantly, the DPO needs to carry out these tasks independently, reporting directly to the highest management level of the organization. Hence, the DPO can hold another position at the same time as long as any conflict of interest is avoided. All of this implies that the DPO has immediate access to all personal data and data processing operations.
The DPO: an MTD user
The RedSocks Security Probe/MTD architecture is plug-and-play and detects breaches by checking network traffic in real-time for all malicious communication to the Internet.
The app displays several roles, created for specific categories of users within the company, including the Security Officer and the DPO.
RedSocks Security has recently released the MTD v. 4.0 with three major improvements regarding the role of DPO:
- Reinforced partitioning between roles, giving the DPO better confidentiality settings and more independence in the tasks to accomplish.
- System monitoring functions that give the DPO better means to demonstrate compliance monitoring to authorities, for example in case of a crash.
- The new configuration of status, which enables the DPO to benefit from investigations completed by security officers: the DPO will be able to draw on technical security insights to reach a conclusion. This feature will be a valuable asset to DPOs coming from a non-technical background, as they are required to work independently.
Finally, a GDPR alert is planned for release in the near future.
The enforcement of the GDPR is about to happen and has already impacted the organisation of most companies. The RedSocks Security MTD appliance is evolving to ease the Data Protection tasks. For requests and inquiries: firstname.lastname@example.org