Our responsible and proactive measures
In Article 29 of the Data Protection Working Party, it is mandatatory for certain controllers and processors to designate a DPO. This is the case for organisations that – as a core activity – monitor individuals systematically and on a large scale, or that process special categories of personal data on a large scale. Findx doesn’t fall under this description, but in order to secure the best possible privacy of the people using our services we have appointed a DPO, who is the contact person for the local Danish Authorities in any cases that might appear.
Data Protection Officer
Brian Schildt Laursen
Ahlgade 21, 1.
The responsibilities of our Data Protection Officer
Article 39(1)(b) entrusts DPOs, among other duties, with the duty to monitor compliance with the GDPR. Recital 97 further specifies that the DPO ‘should assist the controller or the processor to monitor internal compliance with this Regulation’.
As part of these duties to monitor compliance, DPOs may, in particular:
- Collect information to identify processing activities.
- Analyse and check the compliance of processing activities.
- Inform, advise and issue recommendations to the controller or the processor.
Monitoring of compliance does not mean that the DPO is personally responsible where there is an instance of non-compliance. The GDPR makes it clear that it is the controller, not the DPO, who is required to ‘implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation’ (Article 24(1)). Data protection compliance is a corporate responsibility of the data controller, not of the DPO.