Outsourcing of the Data Protection Officer (DPO) function


Objectives of the service

The currently applicable provisions do not specify who may act as DPO at universities. As a result, it is common practice that DPO duties are additionally imposed on employees of administrative or IT divisions and therefore, the persons acting as DPOs lack the competencies and the time required in order to perform the tasks relative to the compliance with personal data protection principles to the full extent.

Within the framework of outsourcing of the DPO function, the university delegates all the obligations listed in the Personal Data Protection Act, including training employees, granting authorizations and keeping a register thereof as well as elaborating and updating documentation, to a seasoned team of experts from PCG Polska and *Lex Artist Law Firm.

A correct and comprehensive implementation of the procedures relative to personal data protection combined with exercising the DPO role in a professional manner may be highly beneficial for the university and for its relations not only with its employees, but also with students, who value security. Furthermore, high personal data protection standards create a positive image of the university and distinguish it from among its competitors.

Scope of the service


  • Supervisory and organizational functions:

    • General supervision over the security of personal data processing;
    • Replying to any queries regarding the personal data filing systems controlled;
    • Taking appropriate action in response to detected breaches of the personal data security system;
    • Issuing opinions with regard to the possibility and the correctness of personal data collection, the applicable obligations to inform and the disclosure of personal data.


  • Supervision over appropriate training of employees and over issuing authorizations:

    • Issuing, modifying, revoking authorizations to process personal data;
    • Ongoing supervision whether all employees processing personal data hold the relevant authorizations;
    • Keeping and updating the register of persons authorized to process personal data;
    • Elaborating a curriculum of trainings in personal data protection and ensuring its implementation for employees processing personal data.


  • Competencies relative to obligations towards the Inspector General for Personal Data Protection (GIODO):

    • Notifying personal data filing systems processed by the university to GIODO;
    • Deleting the filing systems which ceased to be processed by the Ordering Party from the register kept by GIODO;
    • Filing applications for updates with GIODO;
    • Providing GIODO with replies and clarifications with regard to the personal data filing systems processed by the Ordering Party;
    • Participating in inspections performed by inspectors from the Bureau of the Inspector General for Personal Data Protection.


  • Entrusting and transferring personal data:

    • Auditing the required employee documentation: regulations, questionnaires, etc.
    • Drawing up agreements on entrusting the processing of personal data;


Benefits

Outsourcing of the DPO function is a proven, widely practiced solution fully approved by GIODO, allowing to relieve companies and public institutions of the obligations relative to personal data protection.

The services offered by PCG and Lex Artist allow to obtain the following benefits:

  • Superior quality legal assistance ensured by a seasoned team of lawyers, specializing in personal data protection for years;
  • Stability owing to fixed costs of assistance and continuity of service guaranteed by many years’ presence of PCG and Lex Artist in the Polish and international market;
  • Continuous access to specialized and up‑to‑date legal knowledge. Legal consultations and opinions as required;
  • Saving the university's time and funds - we relieve you of all obligations relative to personal data protection, allowing you to concentrate on your principal activity;
  • Access to a proprietary e‑learning platform included in the monthly subscription price (the platform enables the training of university employees scattered across various departments and campuses).



* Lex Artist is the only law firm in Poland specializing exclusively in personal data protection. The firm has performed over 500 documentation audits and implementations, held over 1000 trainings and acts as DPO for over 80 regular customers.