Privacy Statement and Data Protection Officer
We strongly recommend that you publish a privacy statement on your web page and nominate a person or persons to be Data Protection Officers in your organization.
Privacy Statement
For communicating your security policy both to your customers and your employees, and other people involved, make sure that you have the privacy statement defined, and that it can be accessed by all concerned. Consider defining the following items in your policy:- What kind of data is saved in the system?
- What is the retention time of the data saved in your system?
- How is this data protected?
- Who is your Data Protection Officer to be contacted if any interest to data protection questions arise?
- How can the people interested in their personal data saved in the system request information about it?
Data Protection Officer (DPO)
Each organization should have a person or persons named to be Data Protection Officer (DPO). The tasks of a DPO include but are not limited to:-
DPO makes sure that should there be any changes in the privacy statement, the customers are informed about it in an appropriate way.
- DPO is a contact person for the customers that request information about the personal data saved about them in the system, and deletion of that data when requested.
- Only DPO can collect a person's personal data, or delete it, on request.