The General Data Protection Regulations, which comes into force shortly, requires the need for a data processing officer
As we all know by now, the General Data Protection Regulations, the process by which the European Parliament intends to strengthen and unify data protection for all individuals within the European Union (EU), as well as addressing the export of personal data outside of the EU, comes into force on May 25th of this year.
One of the many requirements of the legislation is the need for a Data Processing Officer (DPO). This person assumes the role of data protection expert and deals with any data protection queries. It is a high-level position requiring grounding in both national and European data protection law and practice, as well as a thorough understanding of the GDPR.
Although there are three key areas where a DPO is definitely required, current thinking is that SME’s are not exempt and you are advised to assume you do require a DPO unless you can prove otherwise. The three main areas are:
So, is it possible, or worthwhile, for a smart city to share such a position?
The answer is yes. The need for the role of the ‘virtual DPO’ will increase, as many organisations will find that although they are required to have an audit carried out by a DPO, in reality, they will be unable to justify the expense of a dedicated person. So, having access to a local and shared DPO will be a luxury, especially if that DPO is known by others you associate with. Providing such a resource would be cost-effective for a facilities company too, as that individual could handle any in-house DPO functions as well as being ‘billed out’ as an additional revenue stream and benefit within the ‘smart environment’.
A virtual DPO affords more transparency for an organisation in that the DPO can be clearly neutral, objective and independent. They cannot be on the Board or a key IT member. They need to have a wide range of business knowledge and understanding of how the regulation could be best adopted. Often, this experience will come from working with many different organisations.
And, the ‘virtual DPO’ need not be a single person, it could be a team which gives the smart city resilience by being able to react quickly to either illness or work pressure, something not available should you employ a dedicated person. Furthermore, being part of a larger network means that your business is at the forefront of any changes that take place within the regulatory/legal sphere. Be it the updates to GDPR, the new e-privacy regulation or the sharing of data post Brexit. You do not need to rely on one person to keep track of all the changes, the changes come to you. Instead of looking at one piece of legislation, you can ensure you incorporate more, so you do not have to start the work all over again further down the line.
A final advantage of a ‘virtual DPO’ is that, should the worse happen and you have to declare a breach with the ICO, the ‘virtual DPO’ would have had previous experience and will have the knowledge of how to navigate the process. This is a huge advantage to an organisation when in a crisis position and you are trying to recover data. Having someone skilled and ‘on your side’, will be very welcome indeed!
Colin Tankard is managing director at data security company Digital Pathways, a specialist in the design, implementation and management of systems that ensure the security of all data whether at rest within the network, mobile device, in-storage or data-in-transit across public or private networks.
If you enjoyed this, you may wish to view the following:
2017 was another year of major data loss and hacks but will the warnings be heeded?
Governments and developers of IoT sensors urged to find ways to minimise collection of personal data
|www.smartcitiesworld.net||JSESSIONID||To keep track of user sessions on the site and identify your user session.|
|www.smartcitiesworld.net||AFFINO_x||If we are hosting your sites this option is ticked. Each user profile has a number replacing x|
|www.smartcitiesworld.net||RVP||As a guest user we store the last 10 products you viewed|
|accounts_tab_active||Store the state of the Affino accounts tab (open or closed)|
|contacts_tab_active||Store the state of the Affino contacts tab (open or closed)|
|Affino_Control||Stores the layout of the Affino control panel (left or right)|
|Affino_BrowserMode||Set your browser to iPad and you'll be able to see what that user sees|
|LiveEditSwitch||Affino functionality remembers your settings if live edit switch is on/off|
|Affino_ControlWideScreen||Affino functionality remembers your settings if you selected this option|
|NewID||Cross domain check|
|Affino_CartID||Holds the users shopping cart ID|
|smartcitiesworld.net||km_ai||Is used on affino.com but is not in standard Affino. If your site uses Kissmetrics you'll need to include these.|
|www.smartcitiesworld.net||PRECACHE||Serve a cached version of the website to users to improve the performance of the site|
|facebook.com||__utma, __utmb, __utmc, __utmv, __utmz||These are used for facebook integration. Some Affino sites use single sign on (SSO). This service provides users with the option to sign in using their Facebook login. If they chose to do so Facebook cookies are set.
Further information on Facebook's Data Use policy is available at www.facebook.com/about/privacy
|player.vimeo.com||c_user, datr, act, locale, lu, p, presence, s, xs||When users view a web page on your site with an embedded Vimeo video, Vimeo creates these cookies|
|www.linkedin.com||X-LI-IDC||These are used for LinkedIn integration. Some Affino sites use single sign on (SSO). This service provides users with the option sign in using their LinkedIn login. If they chose to do so LinkedIn cookies are set.|
|linkedin.com||__qca, __utma, __utmb, __utmc, __utmv, __utmz, _lipt, bcookie, lang, lw|
|doubleclick.net||id||This is a Google tracking cookie for advertising purposes|
|soundcloud.com||__utma||Soundcloud can be used to share music and audio files. They use google analytics to capture visitor information|
|youtube.com||PREF||When you view a web page on your site with an embedded YouTube video, YouTube creates these cookies|
|imrworldwide.com||IMRID||These are cookies from an internet media and market research company Red Sheriff|
|quantserve.com||mc||This is an advertising cookie from Qantcast|
|scorecardresearch.com||UID||These are market research cookies|