Since the General Data Protection Regulation (GDPR) came into effect, organizations such as universities are required to appoint a data protection officer (DPO, in Dutch: functionaris voor de gegevensbescherming). The DPO’s main job is to oversee the application and observance of the GDPR within the organization. As an internal supervisor the DPO is independent.
The DPO gathers information on data-processing activities that are carried out within UU, analyses these processing activities, and assesses the observance of the regulation. He also informs, advises and makes recommendations within UU.
The DPO is involved in Data Protection Impact Assessments (DPIA’s), can be consulted to assess whether incidents such a data breaches need to be reported to the Dutch Data Protection Authority (in Dutch: Autoriteit Persoonsgegevens) and gives an approval on privacy compliance for European Research Council Grants (ERC Grants).