The Data Protection Officer (DPO) is a professional role introduced by the new GDPR (General Data Protection Regulation). The DPO is an expert whose duties mainly consist of monitoring compliance with the regulation, assessing the impact on data protection, and checking that any data breaches in the database are notified in a timely manner and that the related tracking documentation is drafted as required by law.
The DPO is appointed by the data controller or by the data processor; he/she can be internal or external to the company but is always autonomous and independent of the data controller.
The DPO is an optional role. It becomes mandatory by law only in three cases:
- if the data processing is carried out by public authorities
- if the processing requires regular and systematic monitoring on a large scale
- if the processing concerns, again on a large scale, special categories of personal data or data relating to criminal convictions and offences.
None of the three cases listed above applies to Max Application: the volume of data processed through our pharmacovigilance software, SafetyDrugs, of which we are the developers and owners, does not exceed the minimum threshold by which regulators define large scale. Those processed by our software represent 6% of the cases of the European Economic Area.
In order to increase data security and ensure greater protection, we have nevertheless chosen to appoint an external DPO. We relied on the company of Milan New Consulting – Praolini Srl, in the person of Praolini Carlo.
The appointed DPO will be responsible for:
- the review of the processing registers, in particular those provided for in the pharmacovigilance services delivered through our SafetyDrugs safety database
- the revision of information and appointments
- the revision of the impact assessment
- the quarterly control reports
- the half-yearly reports on the activity performed and on compliance with the GDPR and the related audits
- the training on the regulation addressed to Privacy delegates, system administrators and authorized people
- the management of customer requests regarding privacy
These measures are in addition to the previous ones implemented when the GDPR entered into force:
- general improvement of access control and data protection
- more effective prevention of data breaches or theft
- greater transparency towards data holders.
With the appointment of a Data Protection Officer, we are sure to provide a higher quality of service.