Share on social networks!

The figure of the data protection delegate in the Public Administration

He General Data Protection Regulation (GDPR) establishes that, when the processing of personal data is carried out by a public authority or body, the appointment of a data protection officer (DPD).

The GDPR provides that you can appoint a single DPO for several authorities or bodies, taking into account its organizational structure and size. In addition, the possibility is foreseen that the DPD can exercise its functions completely or partially, that is, that a DPD can be appointed to focus exclusively on a large administration or on several, as is the case of local administrations.

Likewise, the GDPR provides that the DPD may be part of the staff of the person responsible or in charge of the treatment or perform their functions within the framework of a service contract. Thus, it is possible that, in smaller entities, this figure is internal; but combine your functions with others. If this is the case, the need to avoid conflicts of interest among the various entrusted occupations.

We know that the GDPR establishes that the DPO will be appointed based on their professional qualities and, in particular, their specialized knowledge of data protection law and practice and their ability to perform their duties. In this case, you must also have sufficient knowledge in Administrative Law to know how the services work and how administrative procedures are developed.

On the other hand, public administrations are obliged to comply with the National Security Scheme (ENS), whose purpose is to create the necessary conditions of trust in the use of electronic media, which allows citizens and public Administrations, the exercise of rights and the fulfillment of duties through these means. 

To do this, it is necessary, in most cases, to create a Security Committee, which will be responsible for aligning the organization's activities in terms of information security and whose composition will be determined in the information security policy. of the organization.

The DPD will usually also form part of the security committee, but will enjoy total independence in the exercise of its functions. This work is really important to know, since it will mark the day-to-day life of the DPD who works for the Public Administration.

IT Lawyer | Governance, Risk & Compliance | Privacy

Subscribe to our newsletter to stay up to date with all the news

Basic information on data protection.
Responsible for the treatment: Mainjobs Internacional Educativa y Tecnológica SAU
Purpose: Manage your subscription to the newsletter.
Legitimation for processing: Explicit consent of the interested party granted when requesting registration.
Transfer of data: No data will be transferred to third parties, except under legal obligation.
Rights: You may exercise the rights of Access, Rectification, Deletion, Opposition, Portability and, where applicable, Limitation, as explained in the additional information.
Additional information: You can consult additional and detailed information on Data Protection at https://www.mainfor.edu.es/politica-privacidad
Blog Master Dpo

Leave a comment