What does a Privacy Officer do?
A Privacy Officer has several duties:
- Draft and implement privacy policies, processor agreements, retention periods, processing records and procedures.
- De interne organisatie bewust maken van privacy wet- en regelgeving, zoals de AVG, Telecommunicatiewet en e-Privacy Verordening;
- Handling data breaches
- Drafting and updating the privacy policy.
- Monitor that processes, marketing campaigns, landing pages and promotional terms comply with privacy laws and regulations.
- Maintain contact with the Personal Data Authority (AP).
- Conducting Data Protection Impact Assessments (DPIAs).
- Train and support an internal privacy officer.
The additional duties of a Privacy Officer in healthcare
A Privacy Officer in healthcare has some additional duties. This is because special personal data are processed in this sector. There are stricter conditions attached to this.
- Establish the Information Security Management Forum (IBMF), which is mandatory for healthcare organizations.
- Monitoring the Electronic Patient Record (EHR).
The role of a Privacy Officer as an AVG expert
Often in SMEs, an IT employee is assigned to the position of Privacy Officer. However, this person often does not have the necessary knowledge and experience. Therefore, organizations increasingly choose an external specialist to fill the role of Privacy Officer. With this, they can get all the necessary knowledge and expertise in-house from as little as 4 hours per week.
For example, our Storm van Wissen works 8 hours a week as a Privacy Officer at the RIBW:
"At the RIBW, I oversee the privacy of clients and employees. In addition, I make sure they are always compliant with AVG and other legislation."
Is a Privacy Officer mandatory?
According to Article 37 of the AVG, the appointment of a Data Protection Officer (also the job of a Privacy Officer) is mandatory for:
- Public organizations and government agencies (courts excluded).
- Organizations that process a lot of special personal data (such as data on health, religion or ethnicity).
- Organizations that observe many individuals for example companies in the security industry or companies that create extensive person profiles.
Side note: This must be the core business of the organization. Just collecting data on website usage does not mean it is mandatory to employ a Privacy Officer.
Privacy Officer vs. Data Protection Officer (DPO)
De Data Protection Officer (DPO) staat ook wel beter bekend als de Functionaris Gegevensbescherming (FG). Dit is de persoon die toezicht houdt op de toepassing en naleving van de AVG. Kenmerkend voor de FG is dat deze een onafhankelijke rol moet hebben binnen de organisatie, maar ook directe lijnen met het bestuur heeft. De PO is juist verantwoordelijk voor het opstellen en implementeren van het beleid en kan de DPO/FG ondersteunen door het aanspreekpunt te zijn voor privacyvraagstukken binnen de organisatie.
Privacy Officer vs. Security Officer
Waar de Privacy Officer zich richt op gegevensbescherming en privacy, concentreert de Security Officer zich op de beveiliging van informatie en systemen tegen dreigingen en inbreuken. De PO is dus verantwoordelijk voor het beschermen van bijzondere persoonsgegevens en het privacybeleid en de SO voor het beveiligen van de systemen.
Is het beschermen van persoonsgegevens een belangrijk issue voor jouw organisatie? Bekijk onze Privacy Officer dienst en andere Interim Specialismes en haal alle kennis en expertise in huis. Al vanaf 4 uur per week.
