GDPR (Act No. 18/2018 Coll. on Personal Data Protection)

Data Protection Officer (DPO): Your Key to GDPR Compliance and Personal Data Protection


A Data Protection Officer (DPO) is a specialist responsible for ensuring and monitoring that the processing of personal data in your organization complies with the EU GDPR and related legislation.

We offer the service of an external DPO, providing comprehensive expertise, independence, and long-term experience. The data controller or processor remains ultimately responsible for GDPR compliance, but appointing a DPO demonstrates your commitment to the law and reduces the risk of substantial fines.


When is appointing a DPO mandatory?

The Personal Data Protection Act, mirroring Article 37 of the GDPR, defines three cases in which you must appoint a DPO:

Public authority or public body

  • Applies to entities performing processing as a public authority (e.g., ministries, municipalities, self-governing regions) or as a public body (e.g., schools, educational institutions, Social Insurance Agency, health insurance companies). Courts are exempt when performing judicial functions.

Core activity = large-scale monitoring

  • Required if your core activities consist of processing operations that, by their nature, scope, or purposes, require regular and systematic monitoring of data subjects on a large scale.

A core activity is an activity that is essential to achieving your business objectives.
Monitoring includes all forms of observation and profiling, such as targeted (behavioral) advertising, location tracking via mobile applications, profiling and scoring for risk assessment (e.g., credit risk), or extensive security camera systems.
Large-scale is assessed based on the number of data subjects, the volume and range of data, the duration or permanence of the processing, and its geographical extent. For example, it includes the processing of customer data in the normal course of business of a bank, an insurance company, or an internet search engine.

Core activity = large-scale processing of special categories of data

  • Mandatory if your core activity involves large-scale processing of special categories of personal data (e.g., health, genetic, or biometric data) or of personal data relating to criminal convictions and offenses.

Examples: Patient data in hospitals or laboratories, or extensive processing by law firms specializing in criminal cases.

Tip: If you are unsure whether you are required to appoint a DPO, we offer an analysis of your processing operations. Your decision (whether or not to appoint a DPO) should be documented in writing.


We provide DPO services for over 300 organizations across the private and public sectors, including hospitals, schools, and educational institutions.


Outsourcing the DPO Role

A DPO can be an internal employee or an external specialist (individual or legal entity). Our external DPO ensures the required expertise and, most importantly, independence—essential to avoid conflicts of interest. The DPO considers the risks associated with processing activities, taking into account the nature, scope, context, and purpose of data processing.

Our experts have knowledge of EU and national law, IT, and data security. We assume all DPO obligations defined under GDPR, including:

  • advising and informing the controller and employees involved in data processing about their obligations,
  • monitoring compliance with applicable data protection legislation and internal policies, including the assignment of responsibilities, awareness-raising, and staff training,
  • providing guidance on Data Protection Impact Assessments (DPIAs) and monitoring their execution,
  • cooperating with the supervisory authority,
  • acting as the contact point for the supervisory authority regarding data processing inquiries, including prior consultations and other necessary guidance,
  • representing the controller in dealings with the supervisory authority,
  • performing control and audit activities.

Benefits of Working with Us:

  • Assurance of compliance with legal requirements - we track and apply all current updates.
  • Clear recommendations and support for critical decisions - our certified CSMs are available to assist you.
  • Ongoing support even after implementation - a broad team of experts is at your disposal.
  • One-stop solution - no need to search for multiple vendors.

A DPO is a specialist with legal, IT, and security expertise who acts impartially and independently to protect data subjects’ information, without conflicts of interest.




For more information on how to comprehensively address personal data protection issues, do not hesitate to contact us.

Submit your request via obchod@somi.sk or through the contact form provided below.