The DPO must be appointed in cases where data processing is carried out by a public body or an authority; when the amount of data managed requires regular and systematic monitoring; when the data in question have a particular nature (e.g. sensitive data) or are judicial data. If an SME does not have the management of user data among its core activities, it is exempt from appointing a DPO. Here you can find an in-depth look at this new corporate figure.
The Data Processor, aka the “Data cnb directory Controller” The Data Processor – or Data Controller – is a natural or legal person, public body, service or other “actor” that manages the data on behalf of the data controller. Therefore, it can also be an external person, a supplier the data (but who must guarantee compliance with the GDPR). Fines for violating the GDPR Privacy Regulation As always, the penalties are very high: from 2% to 4% of the annual global turnover of the company that violates the regulation or, alternatively, a fee ranging from 10 to 20 million euros .
Who wants to take the risk? Protections for the user / person The entire regulatory system benefits users, who will in fact have greater protection, thanks to: Easier access to your data, with more information (clear and precise) on how the data is processed by the company Right to data portability between different service providers Right to be forgotten, if an individual no longer wishes their data to be processed (Vodafone, you have been warned…) Strong protections for minors' personal data Right to know when your data has been breached To avoid risks, contact someone who can provide you with advice on GDPR and Privacy issues, such as a law firm or secure and guaranteed online services specialized in Privacy (such as iubenda.