The Italian Data Protection Commission (Garante per la protezione dei dati personali) has released a comprehensive guide, The DPO Handbook, which gives advice on the necessary tasks of a Data Protection Officer.
The handbook provides extensive practical guidance on the following tasks of a Data Protection Officer:
- Scoping the controller’s environment
- Task 1: Creating a register of personal data processing operations
- Task 2: Reviewing the personal data processing operations
- Task 3: Assessing the risks posed by the personal data processing operations
- Task 4: Dealing with operations that are likely to result in a “high risk”: carrying out a Data Protection Impact Assessment (DPIA)
Monitoring of compliance functions:
- Task 5: Repeating Tasks 1 – 3 (and 4) on an ongoing basis
- Task 6: Dealing with personal data breaches
- Task 7: Investigation task (including handling of internal complaints)
- Task 8: Advisory task – general
- Task 9: Supporting and promoting “Data Protection by Design & Default”
- Task 10: Advise on and monitoring of compliance with data protection policies, joint controller‐, controller‐controller‐ and controller‐processor contracts, Binding Corporate Rules and data transfer clauses
- Task 11: Involvement in codes of conduct and certifications
Cooperation with and consultation of the DPA:
- Task 12: Cooperation with the DPA
Handling data subject requests:
- Task 13: Handling data subject requests
Information and raising awareness:
- Task 14: Information and awareness‐raising tasks
- Task 15: Planning and reviewing the DPO’s activities
The Handbook has been prepared as part of the training materials for the EU‐funded “T4DATA” training‐of‐trainers programme, which trains staff in a number of EU Member States’ data protection authorities to train data protection officers, especially in the public sector, in their new duties under the EU General Data Protection Regulation (Regulation 2016/679, GDPR).
The project is carried out under the wing of the Italian data protection authority, the Garante per la protezione dei dati personali, with the help of two experts from the Fundamental Rights Experts Europe (FREE) Group, Mrs. Marie Georges and Prof. Douwe Korff.
The Handbook draws on major contributions from the Garante della Privacy and from the other DPA‐partners who sent in very useful practical examples and copies of their own guidance notes on the GDPR.
Download the DPO Handbook here. The tasks of the DPO can be found in Section 3, on page 144.