Description
Data Protection Officer
Expected start date: April 20, 2020.
Expected end date: December 31, 2020.
Number of working days (if regulated): 66 days.
Project: ensure the mission of data protection delegate on a temporary basis for Bruxelles Environnement.
Expert knowledge of the rules applicable to data management, including soft law: recommendations from the control authorities, recognized good practices, etc.
The activity must appeal to comparative law also with regard to BE's missions: a number of legislations stem from the application and/or the transposition of international and European rules.
- a general knowledge of data management and IT processes, in particular with regard to information security.
3.2. Planning and activities
For the next six months, although it is difficult to forecast activity prospectively, here are the main points:
- deploy a minimum offer of advice for small-scale treatments (constitution of contact lists, public policies based on voluntary participation): provision of information relating to treatment and public contract clauses, reminder of the principles;
- provide assistance for the implementation of processing based on the exercise of a mission of public interest: determination of the life cycle of the data, drafting of
the legal basis, verification of the application of the principles, response to questions from the legal basis, verification of the application of the principles, response to questions from the advisory bodies (including the Data Protection Authority);
- participate as a supplier in the organization's projects involving significant data processing. Example: implementation of a human resources IT system;
- keep an eye on the (see below) .brussels e-mail box, mainly intended for the external and inactive public;
- provide advice in case of potential complaints.
Following the assignment of the mission, a meeting will take place with two members of BE's management: the Deputy Director General and the head of the Digital Transformation department. The objective will be to recall and clarify the terms of the mission, as well as agree on the rules of collaboration with the DPO.
Mission follow-up meetings will be organized by the head of the aforementioned service, once a month.
A front-line system will be put in place, through an internal "SPOC DPO". The goal is to provide basic, quick-response service.
Initially, the point of contact will relay all requests and keep track of services.
During the mission, he/she will respond to requests for requirements and more complex requests will then be communicated to the DPO designated for this mission.
At the end of the mission, the DPO must transfer knowledge to the future DPO designated from .
3.3. Useful resources
In order to be informed and to carry out its missions in the most documented way possible, the following tools are made available to the DPO:
- Basic internal documentation in the form of a mini-site, incorporating the principles of the GDPR, some thematic studies: cookies, subcontracting, spatial data, access to authentic sources, etc.
The treatment activity log is there.
- OneNote: ongoing projects, background information, details of the processing operations included in the aforementioned register, useful links.
- Tree structure of the shared server: documents relating to processing, general documentation.
Using the last two tools requires the Microsoft Office suite.
Expected start date: April 20, 2020.
Expected end date: December 31, 2020.
Number of working days (if regulated): 66 days.
Expected deliverable: ensure the mission in the context described above.