The figures of the Data Protection Delegate (DPO) and the Compliance Officer are consolidating as crucial roles in a constantly evolving and increasingly regulated business world.
Although many companies may think that these two figures perform similar functions, their responsibilities and competencies are different and, in many cases, complementary.
Functions and competencies
The Compliance Officer is responsible for ensuring that a company operates in accordance with applicable laws and regulations. Their work encompasses not only a thorough knowledge of the regulations, but also the creation and management of compliance programs that minimize legal and reputational risk to the entity.
For its part, the DPO is essential to ensure that the personal data handled by the company is treated in accordance with the General Data Protection Regulation (GDPR) and other related local regulations, as is the case of Spain with the Organic Law on Data Protection.
The importance of a
is not merely formal. Companies that have an adequate compliance plan may be exempt from criminal liability, as long as they demonstrate that their prevention model is effective.
On the other hand, although the DPO has a consultative and advisory role, its existence does not per se exempt the entity from possible sanctions by bodies such as the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD).
Coordination between roles
Both roles, although with different functions and responsibilities, must work hand in hand in areas where their competencies converge. A clear example is the management of internal whistleblower channels, where the privacy of the whistleblower must be guaranteed.
This coordination is essential, especially when it comes to crimes of discovery and disclosure of secrets and others that could attribute legal liability to the company.
Towards a culture of compliance and data protection
The existence of a Compliance Officer and a DPO, although essential, is not an absolute guarantee of corporate integrity. They must be supported by clear policies, adequate training for all employees and a firm commitment from the company’s management to the corporate social responsibility policy.
At the end of the day, having these figures and policies in place is essential, but even more important is that the company internalizes them and implements them with conviction and seriousness. Only in this way will organizations be prepared to meet the challenges of today’s and tomorrow’s world in terms of compliance and data protection.