The General Data Protection Regulation, in force since April 2016 and mandatory as of May 25, 2018, requires a guarantee and accreditation of compliance through responsible management.
The Regulation introduces the position of Data Protection Officer (DPO - also referred to as DPDs in Spain), who assumes the supervision and coordination of compliance with the Regulation. This person must be assigned on the basis of his/her professional qualities, theoretical and practical knowledge, and capacity to perform the functions indicated in the Regulation.
Furthermore, Organic Law 3/2018, of 5 December, on Personal Data Protection and guarantee of digital rights, which became effective on 7 December 2018, adapts the GDPR to the Spanish legal system and, among other aspects, specifies organizations where the designation of a Data Protection Officer is mandatory.
This figure will be mandatory in:
- Authorities and public bodies
- Companies that deal with large-scale sensitive data
- Companies that monitor people systematically and on a large scale
- Insurers, financial and investment institutions, educational centres, information society service providers, and so on.
The publication of the Spanish Data Protection Agency's Certification Outline, firmly shows that the Agency is committed to the Certification of DPDs, as a guarantee of their fulfillment of responsibilities, for companies which establish the new Regulation.
In order to become certified, these professionals should fulfill the requirements established in the outline with regard to their experience and training received, and should take the examination conducted by an accredited body.