A necessary interrelation between the Compliance Officer and the Data Protection Officer.
By Ariadna Torrijos. Professor "Criminal liability of legal entities: Criminal compliance and procedural aspects" and "Data Protection Delegates and control authorities." Master in Compliance & Data Protection Management.
The entry into force of the General Data Protection Regulation and the appearance of Criminal Compliance Systems have meant a paradigm shift in the way in which a company, foundation, association or self-employed person ("Entities") must face regulatory compliance. in Spain.
Studying a Master that integrates Compliance and Data Protection is not only explained by the growing demand for specialization in these subjects, but also by the similarities and complementarities that occur between both disciplines.
Both disciplines offer Entities the freedom to design and implement measures that at their discretion they consider appropriate in order to avoid, control, and react to actions contrary to the Penal Code and the RGPD/LOPDGDD; hence, Having a Data Protection Officer and a Compliance Officer can be crucial to demonstrate the existence of a certain diligence in preventing the aforementioned legal risks, and thus be able to avoid large economic sanctions, which undoubtedly also entail other important associated costs, such as the reputational factor.
The intrinsic proactivity of these professional profiles, responsible for advising, controlling and supervising compliance with regulations regarding criminal legal liability and personal data protection, respectively, has its practical exemplification in the necessary involvement that they must have, constantly. , in all functional areas of the Entity. Knowledge of daily operations is vital to understand the real scenario in which the business operates and to be able to advise the adoption of valid and effective decisions. It is also necessary that they have the independence, autonomy and necessary resources, in order to guarantee the correct performance of their tasks and the necessary objectivity and rigor in their observations.
It is precisely the preventive approach to regulation to which I refer at the beginning of this writing, which makes it possible to adapt Personal Data Protection and Compliance (the term being understood in its broadest and most ambitious sense of "Regulatory Compliance"), to the individual and specific needs of each Entity. and to be able to offer "a tailored suit" according to its particularities, appropriate to its size, sector and composition, among others.
21st century entities require profiles capable of taking on these new challenges and responsibilities, so greater training of professionals for these areas is essential. In line with the above and, as a result of the existing convergence between Compliance and the Protection of Personal Data, the training of experts who master both disciplines will represent great added value for contracting entities.
