It has been three years since the European Union began applying landmark legislation for data protection in the region — the General Data Protection Regulation (better known as GDPR). It is the most comprehensive data privacy and security law in the world and reaches far beyond Europe. In light of some of the major updates in the past year, we’re republishing the original series of articles from 2018 to take into account how GDPR has evolved. In this first piece, we look at one of the key aspects — the appointment of a Data Protection Officer (DPO).
What exactly is a DPO?
A simple enough question, but the answer requires some understanding of GDPR and EU data privacy rules.
For any EU citizen, the right to privacy and protection of personal data is secured in the Charter of Fundamental Rights (Articles 7 and 8). Personal data needs to be protected, and the processing of it must have a lawful purpose and be transparent. The main instrument for ensuring this prior to 2018 was a combination of EU directives and local law in the different member states. That all changed on the 25th of May, 2018, with GDPR being adopted in all EU and EEA member states.
A DPO (Data Protection Officer) works to protect the fundamental freedoms and rights of data subjects in relation to privacy and data protection.
With GDPR, the role of the DPO was written into EU law. For some institutions, having a DPO will be mandatory, while others can choose to opt in. The following organizations are required by law to appoint a DPO:
Public/government institutions
Organizations processing certain types of sensitive data on a large scale
Organizations processing personal data that involves large-scale monitoring or surveillance
Recognizing that many of our customers will need to fill this role, itslearning was among the first LMS providers to appoint a DPO. In addition to monitoring our own compliance and providing advice and training to our own staff, our DPO is available to our customers and their DPOs to discuss data privacy issues. I held that role until 2020 when itslearning was acquired by Sanoma Group. The role now sits with Riika Turunen in Sanoma. Her details are available on our GDPR page.
The role of the DPO
So back to the original question: what is a DPO? A simple way of putting it is that DPOs work to protect the fundamental freedoms and rights of data subjects in relation to privacy and data protection. To ensure that the DPO puts the rights of the data subject first, not those of his or her employer, there are particular provisions in GDPR to ensure independence. A DPO cannot be instructed on, or penalized for, the work done as a champion of data protection. He or she also cannot have another role that could conflict with personal data protection.
A common misunderstanding about the role is thinking that the DPO is responsible for compliance with GDPR. It is actually the opposite: a DPO cannot have a formal role where decisions are taken that could affect GDPR compliance. Think of it as the difference between an accountant and an auditor; the auditor can advise the accountant and recommend accounting techniques, but must remain independent.
Similarly, the DPO must always be consulted in important matters relating to data protection within his or her organization. He or she could take responsibility for training the organization on its duties under European data protection regulations. The DPO should also be able to proactively assess and monitor compliance, and report back to the highest level of management of the organization. The DPO is also the contact point for supervising authorities in each country who are responsible for ensuring that personal data is processed fairly and lawfully.
The DPO is also responsible for dealing with direct requests from data subjects. However, this is limited to requests in cases where the organization is responsible for the purpose of the processing (the controller). For itslearning, the majority of the data we process is processed on behalf of our customers. If you are a student, teacher or parent using our customers' services, you need to contact the institution you are enrolled in to exercise your rights. Our DPO will, however, do what she can to support your institution in protecting your rights.
People in Europe now enjoy the highest level of data privacy in the world, thanks to GDPR. Since its introduction, more people have become aware that their data is valuable and that the risk of data breaches must be managed rigorously. At itslearning, we take data privacy very seriously, with a strong commitment to GDPR and ISO 27001 standards.
For more information on GDPR and your rights as an itslearning user, please visit our webpage: itslearning is GDPR compliant.
John-Arthur Berg, itslearning Originally published February 22, 2018. Updated Sep 1, 2021