Data protection officer at NHH
NHH has recently established the role of data protection officer, and the duty has been assigned to senior adviser Monica Nielsen Øen of the Section for Human Resources Management.
As our data protection officer, she is tasked with strengthening NHH’s knowledge about and expertise in personal data protection.
The EU’s Personal Data Regulation applies from May 2018, by which time NHH and all other public enterprises must have appointed a data protection officer. This has been a voluntary arrangement until now. Technological developments mean that new regulations are sorely needed, and the new Regulation will entail new joint rules for Europe in many areas. The Regulation sets more stringent requirements for enterprises’ control of their own processing of personal data, meaning more stringent internal control requirements. Each individual enterprise must create document systems to ensure and document compliance with the data protection rules. The Norwegian Data Protection Authority manages the arrangement.
‘The rules for the processing of personal data are based on some fundamental principles. As NHH’s data protection officer, I am tasked with ensuring that everyone who processes personal data adheres to these principles,’ says Monica Nielsen Øen.
NHH’s data protection officer shall:
- ensure that the processing of personal data is reported to the officer and that the information provided is correct and sufficient
- keep a systematic, publicly accessible overview of such processing
- ensure that the data controller has an internal control system that meets the requirements of the Personal Data Act Section 14 cf. the Personal Data Regulations Chapter 3
- assist the data subjects in safeguarding their rights pursuant to the rules on the processing of personal data
- notify the data controller of breaches of the Personal Data Act
- give data to the Data Protection Authority if it so requests, including making enquiries in specific cases
- keep up to date about developments in personal data protection
- provide advice and guidance to the data controller on the processing of personal data and the rules that apply to such processing
The appointment of a data protection officer does not relieve the data controller of their responsibility for ensuring compliance with the Personal Data Act.