Competences, Position and Role of Data Protection Officers in Ensuring Library Data Protection Compliance

Competences, Position and Role of Data Protection Officers in Ensuring Library Data Protection Compliance

The General Data Protection Regulation that recently entered into force in the European Union represents a significant milestone in development of efficient personal data protection in Europe. As a substantial upgrade to current legal framework it now explicitely provides the rights and freedoms of data subjects and responsibilities of data controllers and data processors. The Regulation is directly applied in legal systems of Member States and contains provisions designed to ensure data controllers, such as libraries, process personal data in line with the recognized principles of data protection. Libraries acquire personal data of users, authors and other physical persons (data subjects) through different means. Recognizing the need for specialized oversight and guidance on implementing Regulation mechanisms to ensure safe and secure personal data processing, the new law extensively regulate the position, role and competence of data protection officer whose main tasks include providing compliance advice for data controllers, handling of user requests and contact with the competent national data protection authority. As most libraries fall under the category of public bodies or authorites, the law mandates designation of such individual. Even when this is not the case and other Regulation conditions do not apply, it may be prudent to designate a data protection officer out of concern for data subject rights and freedoms and to coordinate efforts to achieve the highest level of compliance. The purpose of this presentation is to point out difficulties in achieving compliance for libraries in the public sector, identify the issues where having a data protection officer might be useful, help libraries establish a DPO position and choose a person of adequate competence.