Data Protection Officer

NCPDP informs the visitors of the website about the fact that according to the draft law on personal data protection, the controller and the processor designate responsible for personal data protection in any case where:

a) the processing is carried out by a public authority or an institution providing public services, except for the administration of justice;

b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale;

c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data.

IMPORTANT! The controller and the processor shall ensure that the data protection officer is properly and timely involved in all matters relating to the personal data protection. In order to ensure the independence of data protection officer, the controller and the processor shall ensure that the data protection officers do not receive any guidance as to the performance of these tasks.

TO NOTE! Data protection officer will be the communication link between the personal data controller and the data subjects. Data subjects may contact personal data protection officer on all matters relating to their data processing and the exercise of their rights in accordance to this law.

NECESSARY NOTES! Personal data protection officer will have, for example, the following attributions:

a)   informing and consulting the controller, or the processor, as well as the employees who carry out personal data processing about their obligations pursuant to this law and other regulatory provisions regarding personal data protection

b) monitoring compliance with data protection law and other data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;

c) consultation, upon request, regarding the impact assessment on personal data protection and the monitoring of its functioning, in accordance with Art. 40;

d) cooperation with NCPDP;

e) assuming the role of contact point with the Center on issues relating to processing;

f) other tasks stipulated by law.

RECOMMENDATION! NCPDP recommends that personal data controllers make efforts to identify and appoint a data protection officer, as it is a useful lever and can be a strong ally for the personal data controller / processor in the process of ensuring compliance personal data.