We take over the processes which frequently remain the burden for personal data commissioners. The present-day function of information safety commissioner or a function of a data protection officer (since 25th May 2018) shall be included into such processes. We guarantee full independence of functions and updated resources of the knowledge on the personal data protection and IT safety.
Appointing an information safety commissioner is not mandatory pursuant to the Act on data protection valid since 25th May 2018. This means that there is no legal obligation to appoint an information safety commissioner.
Appointing a data protection officer (a replacement for an information safety commissioner) pursuant to GDPR may be mandatory under some circumstances. The obligation to appoint a data protection officer stems from article 37 of GDPR which states the following:
Article 37. 1 An administrator and a processing entity shall appoint a data protection officer always when: a) the processing is performed by a public organ or entity, except for courts with regards to the system of justice being enforced by them; b) the main activity of an administrator or a processing entity is based on the processing operations which, due to their character, range or objectives, require regular and permanent large-scale monitoring of the persons whom the data refer to; or c) the main activity of an administrator or a processing organ focuses on large-scale processing of various categories of persona data set forth by article 9 clause 1 as well as the data referring to the convicting judgements and law infringements specified by article 10.
The duties of a data protection officer include, however are not limited to: * Advising an administrator, a processing entity and the staff responsible for personal data processing on the duties imposed over them pursuant to the following regulation and other provisions of EU or Membership States on data protection as well as counselling on such issues; * Monitoring how the following regulation, other provisions of EU and Membership States on the data protection, administrator’s policies or the policies of processing units are observed , including division of duties, actions to enhance the awareness , trainings of the staff participating in data processing operations and related audits; * Providing on-demand recommendations with regards to the evaluation of the consequences over data protections and monitoring over its enforcement in line with article 35 of GDPR. * Cooperation with a supervisory organ * Performing the function of a contact point for a supervisory organ with regards to the questions related to processing, including the previous consultations specified by article 36 of GDPR and under proper circumstances, running the consultations on any other issues