Manage the data protection organisation

Define which persons are part of your data protection organisation who will further develop your data protection in the company. Complete the appointment information for your data protection officer.

Background 

The most important part of an organisation is its employees. In the Robin Data ComlianceOS®, you can record these employees as persons, assign them to specific locations, and assign their function within the organisation. 

The data protection organisation

In larger companies, a committee is often set up to take care of the further development, monitoring and implementation of data protection. This organisation is called the data protection organisation. It is usually set up as a staff organisation and reports directly to the management.

Members of the data protection organisation are usually:

  • the management (also referred to as the "controller"),
  • the data protection officer,
  • the data protection coordinators, 
  • the IT security officer,
  • employee representatives such as delegates from the works council or the staff council
  • and 
  • various specialist representatives, primarily from human resources and IT administration.

The rule of thumb for the members of the data protection organisation is: members come from the areas of the organisation that process core (comprehensive and sensitive) personal data and those employees whose roles require them to deal with data protection (e.g. an organisation's data protection officer).

Persons in the data protection organisation are not automatically users of the system

As a rule, only those users who are part of the data protection organisation interact with the Robin Data Software. However, it may be useful to create additional persons in the Robin Data Software. For example, in a later version, the Robin Data Software will include a training module that will allow training to be started and managed based on the people in the organisation. 

These people are therefore not automatically users with access to the Robin Data software. If you want to make a person a user, you must create a user account for the person. This can be done by the administrator under Organisation Management > Users

Manage your data protection organisation

  1. In the main menu click on Data protection: A dropdown menu will open. 
  2. In the dropdown menu click on Data protection organisation: The table view will open.

The general functionality of the table view is described in the article Using the table view.

dporga_1

Click to enlarge image

In the table view you can see the overview of the currently already created persons.

Create persons of the data protection organisation

  1. In the main menu click on Data protection: A dropdown menu will open.
  2. In the dropdown menu click on Data protection organisation: The table view will open.
  3. Click on the button +Person: A quick start input mask opens in which the name can be recorded. 
    Zwischenfenster-dpo-person-EN
  4. Fill out the fields of the quick start input mask.
  5. Click on Edit: An empty input mask will open.
  6. Fill out the input mask.
  7. Click on Save: The person has been created.

Note

If you select Without edit in the quick start window, the person will be saved in the table view without any further details, and can be edited at a later time. 

Data areas of the input mask

Personen der Datenschutzorganisation erstellen

Click to enlarge image

 The left panel has the following data areas:

  • Person: Maintenance of the person master data
  • Organisation: Definition of the function and roles in the data protection organisation for this person.

Data area: Person

This data area has the following form fields: 

  • Location (mandatory field): Select the location where this person works according to the HR department.
  • Salutation: Select the salutation of the person
  • Title: Enter the title of the person (e.g. Prof. Dr.)
  • First name (mandatory field): Enter the person's first name
  • Surname (mandatory field): Enter the person's last name
  • Email: Enter the person's work email.
  • Phone: Enter the person's work landline number.
  • Mobile: Enter the person's work mobile phone number

Data area: Organisation

This data area has the following form fields:

  • Functional area: Enter the functional area (e.g., Sales, Human Resources) to which the person is assigned. This is used to make persons in the functional areas of the organisation co-responsible for parts of the data protection documentation. You can define this yourself.
  • Role in the organisation: Specify the role person in the organisation. If this is usually part of the data protection organisation (see Background above), the following query box is set to "Yes".  
  • Appointed data protection officer: The data protection officer is always part of the data protection organisation. There is always only one data protection officer per organisation (company, authority, group, etc.). The data protection officer must be appointed to his or her office by certificate of appointment.
  • Appointed as data protection officer on: Enter the date of appointment.
  • Notification to the supervisory authority: Enter the date of notification.

The right pane has the following data areas:

  • Matcher Tab: The matcher allows you to link documents and view linked documents.
  • Status tab: In this tab it is possible to manage the status of a document and to store notes about the person.
  • Attachments tab: In this tab you can deposit related documents using the Add Attachment button.
  • External links tab: In this tab you can link related information using the Add External Link button.

Data area: Status

This data area has the following form fields:

  • Notes: Your notes on this location.
  • Color coding of the document: Here you can assign a color code to your document. Color codes can be created via Organisational data > Management system > Content groups.

Data area: Attachments

This data area has the following form fields:

  • Certificate of appointment: File upload of the certificate of expertise.

The general use of the input masks with forms is explained in the article Using input masks with forms.

Note on proof of expertise

Every member of the data protection organisation who is directly involved in data protection should be able to provide evidence of specialist knowledge in the field of "data protection". This applies in particular to the data protection officer and data protection coordinators. 

Expertise in the area of data privacy includes, in particular, the following characteristics:

  • Legal knowledge of data protection laws, especially the GDPR and the BDSG and related areas of law, such as labour law and special data protection principles.
  • IT knowledge, especially knowledge of technical and organisational measures to increase data security.
  • Knowledge of organisational theory, both in companies and in public authorities, in order to be able to optimally implement processes in the area of data protection.

 

Further questions? - We are here for you.

If you have any questions about the software, please feel free to contact our support team. You can reach us at support@robin-data.io.