GDPR Expert

Coming into force in 2018, the GDPR has completely transformed personal data law.
What are my obligations and responsibilities as a GDPR data controller?

What is a GDPR expert?

  When it comes to managing your organization's personal data governance, you'll need a good conductor who's up to the task of assisting you with your GDPR compliance. A GDPR expert's main mission is therefore to support you, whether you're a processor or data controller, in your GDPR compliance process.

The GDPR expert is the person who ensures compliance with the rules on personal data. As the name suggests, this person is an expert in the protection of personal data, who must have a solid grounding in data protection, as well as technical and legal knowledge. This is what makes a GDPR expert a GDPR expert. Not forgetting that regular updating is part of his or her obligations.

Processing register, privacy by design, GDPR audit [...] are all services that a GDPR expert should be able to offer you. What's more, you can call on a GDPR expert for every stage of GDPR compliance.

 Dipeeoa GDPR expert who guarantees your compliance and handles all your GDPR issues for you. This will not only save you time, but also secure your business, at a price that defies all competition.

What does a GDPR expert do?

  A GDPR expert is there to make sure you comply with the rules on personal data. Beyond the skills and certifications he or she must have, skills that will be described a little further on, a GDPR expert has a role that revolves around four main areas.

  First of all, its role is to advise and support. Originally, if you call on a GDPR expert, it's precisely to accompany you in the process of your compliance. What's more, he must inform you as soon as he notices non-compliance with the GDPR or the violation of a rule. Hence his role as advisor.

 Then, after advising and supporting you, a GDPR expert must check that everything is in order, and that you have followed these recommendations to the letter. In this regard, he or she can personally check, and carry out an audit to ensure GDPR compliance.

In addition, a GDPR expert has a direct point of contact whether with you, as data controller, or with the CNIL (National Commission for Information Technology and Civil Liberties). With regard to these two subjects, he or she will handle all your queries relating to the personal data you process and collect.

The GDPR expert facilitates exchanges with the CNIL (National Commission for Information Technology and Civil Liberties). He will therefore be the main point of contact in the event of an inspection by the CNIL (National Commission for Information Technology and Civil Liberties), or in the event of a complaint from a prospect.

  Lately, he's been producing the documentation you need to be GDPR compliant, the reason you appointed him in the first place. Documentation is one of the fundamental pillars of the GDPR that allows you to be able to comply with it, and to be able to prove it in case you have an inspection by the CNIL (National Commission for Information Technology and Civil Liberties). This is known as the "accountability" principle.  

What skills and certifications
are needed to become a GDPR expert?

To become a GDPR expert, there is no single path to follow, so there is no typical profile. On the other hand, in order to successfully carry out their personal data governance mission, a GDPR expert must have a minimum of knowledge:

• Legal and technical expertise on all aspects of personal data protection;
• Knowledge of the organization's sector of activity and its regulations, whether as a controller or processor ;
• Processing operations, information systems and the organization's needs in terms of personal data protection and security.

What's more, in addition to skills and knowledge, it's highly recommended that your GDPR expert be open to business. Indeed, by calling in a GDPR expert, you integrate him or her into your company's thinking in order to find solutions that both comply with GDPR as a law, and maximize value for the company as a profit-seeking entity. Especially since one of the benefits of GDPR is value creation.

In short, there's no diploma required to become a GDPR expert, but you do need to make sure that your GDPR expert has the qualities and skills required to perform his or her role. He or she must be a real driver, capable of convincing, popularizing and, above all, communicating. Generally speaking, a GDPR expert must be able to monitor your legal and technical compliance.

Does a DPO have to be a GDPR expert?

A DPO or Data Protection Officer, whether internal or external, is someone you call on to support you in your GDPR compliance.

Your DPO must be registered with the CNIL (National Commission for Information Technology and Civil Liberties). By the way, the list of the various DPOs appointed by the CNIL (National Commission for Information Technology and Civil Liberties) is public. This list is not a guarantee of quality, since anyone can be declared DPO to the CNIL (National Commission for Information Technology and Civil Liberties), even if they have no skills.

The DPO must be someone to be trusted, and his or her presence must be communicated throughout the organization, so that employees are aware that he or she can be contacted at any time with any questions about personal data.

The DPO principle came into being with the appearance of the GDPR , which came into force in 2018. Its role, competencies and obligations were established by the GDPR , which describes this in its texts.

You can read our article External DPO article on the subject.

There are many GDPR training courses and, in particular, certified DPO training courses, some of which are recognized, such as that offered by Afnor for example.

Purely legal training, whether in IT or data protection, is still necessary.