European Regulation (679/2016) on the protection of personal data, in place since May 2018, has standardised legislation across all Member States of the European Union.
Its application, which must also be respected by companies based outside the European Union, has introduced significant changes to make companies more responsible for the processing of personal data, obliging them to adopt organisational models to reduce possible administrative and criminal liability. The GDPR, in addition to introducing new requirements, provides for the creation of new professional figures such as the Data Protection Officer (DPO), mandatory only where certain processing conditions are present.
The DPO is a professional figure which must have an internal, or external, corporate role with legal, IT, risk management and process analysis powers and responsibilities.
Their main responsibility is to monitor, assess and organise the management of the processing and protection of personal data within a public or private company, ensuring this data is processed in accordance with European and national legislation on Privacy.