External data protection officer (DPO) on the basis of a service contract pursuant to the GDPR
We offer the service of an external data protection officer pursuant to the General Data Protection Regulation (GDPR), Regulation 2016/679 of the European Parliament and of the Council.
Designating a data protection officer (DPO) pursuant to the GDPR helps the controller or the processor to monitor internal compliance with the GDPR.
Why external data protection officer?
The DPO assists the controller or the processor in monitoring internal compliance with the GDPR. The DPO collects information to identify processing activities, analyses and checks the compliance of those processing activities, and informs, advises and issues recommendations to the controller or the processor.
Designating an external DPO on the basis of a service contract saves the cost of dedicated internal staff.
Tasks of the DPO:
Monitoring compliance with the GDPR:
- collects information to identify processing activities,
- analyses and checks the compliance of processing activities, and
- informs, advises and issues recommendations to the controller or the processor.
The DPO’s role in a data protection impact assessment:
According to Article 35(1) of the GDPR, it is the task of the controller to carry out, where necessary, a data protection impact assessment (DPIA).
The controller should seek the advice of the DPO on the following issues:
- whether or not to carry out a DPIA
- what methodology to follow when carrying out a DPIA
- whether to carry out the DPIA in-house or whether to outsource it
- what safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
- whether or not the data protection impact assessment has been correctly carried out and whether its conclusions (whether or not to go ahead with the processing and what safeguards to apply) are in compliance with the GDPR
Article 39(2) of GDPR requires that the DPO ‘have due regard to the risk associated with the processing operations, taking into account the nature, scope, context and purposes of processing’.
- The DPO should prioritise activities and focus on issues that present higher data protection risks.
- The DPO should advise the controller on what methodology to use when carrying out a DPIA and on which areas should be subject to an internal or external data protection audit.
The DPO’s role in record-keeping:
Under Article 30(1) and (2) of the GDPR, it is the controller or the processor, not the DPO, who is required to ‘maintain a record of processing operations under its responsibility’ or ‘maintain a record of all categories of processing activities carried out on behalf of a controller’.
- In practice, the DPO often creates inventories and holds a register of processing operations based on the information provided by the controller or processor.
(Source: document 16/SK WP 243 rev.01, WP29)
Our company has been actively working in the field of information technologies
Our experience, knowledge and ongoing work in the field of information technologies enable us to carry out security analyses and IT system projects competently.
Compliance of the outputs with the intra-company guidelines and processes
Examination of the existing documentation (in English) and adaptation of our outputs to the guidelines and organisational processes already in place.
Stability of the company
Continuity of our activity: our company has been working in the field for more than 14 years.
Person responsible for qualified consulting
Ing. Daniel Bednárik, education: Faculty of Applied Informatics, Tomas Bata University in Zlín, field of study: Engineering Informatics, Security Technologies.
Internationally accepted and accredited CISM certificate of the ISACA organisation
The CISM (Certified Information Security Manager) certificate is intended for experienced information security managers and has been designed to provide assurance to executive management that its holders have the knowledge and skills required to perform effective security management.
The list of ISACA Slovakia certificate holders (www link).
Certificate of internationally accredited training IRCA, ISO 27001
Ing. Daniel Bednárik passed an internationally accredited training for external auditors/lead auditors for ISO 27001. The accreditation is covered by IRCA (International Register of Certified Auditors). IRCA Certificate No.: 27416.
Qualified independent auditor of the Regulatory Authority for Electronic Communications and Postal Services
Our company is included in the list of qualified independent auditors for performing security audits in companies providing public electronic communication services.
The list is published on the Regulatory Authority’s website (www link).
Liability insurance for damage caused when providing services in the field of information technology security, up to EUR 100,000 (Colonnade Insurance S.A.).