What does a Privacy Officer do?

A Privacy Officer has various tasks:

‍

• Drafting and implementing privacy policies, processing agreements, retention periods, processing register and procedures.
• Making the internal organization aware of privacy laws and regulations, such as the AVG, Telecommunications Act and e-Privacy Regulation;
• Handling data breaches
• Drafting and keeping the privacy policy up to date.
• Ensure that processes, marketing campaigns, landing pages and promotional conditions comply with privacy laws and regulations.
• Maintaining contact with the Data Protection Authority (AP).
• Performing Data Protection Impact Assessments (DPIAs).
• Training and supporting an internal privacy officer.

The extra tasks of a Privacy Officer in healthcare

A Privacy Officer in healthcare has a few additional tasks. This is because special personal data is processed in this sector. This is subject to stricter conditions:

‍

• Establishment of the Information Security Management Forum (IBMF), which is mandatory for healthcare organizations.
• Monitoring the Electronic Health Record (EPD).

A Privacy Officer's Role as an AVG Expert

In SMEs, an IT employee is often tasked with the position of Privacy Officer. However, this person often does not have the necessary knowledge and experience. That is why organizations are increasingly opting for an external specialist to fill the role of Privacy Officer. In doing so, they get all the necessary knowledge and expertise from just 4 hours a week.

‍

For example, our Storm van Wissen works 8 hours a week as a Privacy Officer at the RIB:

‍

“At the RIBW, I supervise the privacy of clients and employees. In addition, I ensure that they are always compliant with the AVG and other legislation.”

‍

Is a Privacy Officer mandatory?

According to Article 37 of the GDPR, the appointment of a Data Protection Officer (also the job of a Privacy Officer) is mandatory for:

‍

• Public organizations and government agencies (excluding courts)
• Organizations that process a lot of special personal data (such as data about health, religion or ethnic origin).
• Organizations that observe many individuals, for example companies in the security industry or companies that create comprehensive personal profiles.

‍

Side note: This must be the core activity of the organization. Collecting data about website use alone does not mean that it is mandatory to hire a Privacy Officer.

Privacy Officer vs. Data Protection Officer (DPO)

The Data Protection Officer (DPO) is also known as the Data Protection Officer (FG). This is the person who oversees the application and compliance with the GDPR. A characteristic feature of the DPO is that it must have an independent role within the organization, but also has direct lines with the board. The PO is actually responsible for drawing up and implementing the policy and can support the DPO/FG by being the point of contact for privacy issues within the organization.

Privacy Officer vs. Security Officer

Where the Privacy Officer focuses on data protection and privacy, the Security Officer focuses on the security of information and systems against threats and breaches. The PO is therefore responsible for protecting special personal data and the privacy policy and the SO for securing the systems.

We can help

Is protecting personal data an important issue for your organization? Check out our Privacy Officer service and other Interim Specializations and get all the knowledge and expertise in-house. Starting at 4 hours a week.

‍

‍