European representative
If you do not have any EEA offices, branches or other establishments, you should consider whether you are processing personal data of individuals in the EEA that relates to either:
- offering goods or services to individuals in the EEA; or
- monitoring the behaviour of individuals in the EEA.
If you are carrying out such processing, and intend to continue after the end of the transition period, you will need to consider whether you must appoint a European representative.
If you would like to appoint me as your European representative, please contact me.
Internal auditor
I have many years of experience in conducting various internal audits. That is why I can support and guide your organization very well in conducting internal audits. If you want to carry out these internal audits yourself, I can train your employees in conducting internal audits.
In this way you kill two birds with one stone. The internal audits are guaranteed to be of good quality and the internal employee is trained to perform their own internal audits effectively and efficiently.
If you want to know more about this, please contact me via the contact form.
Privacy Officer (PO)
Where the CISO is responsible for the information security policy, the PO (also called legal adviser on privacy), who in this case is not the DPO, is responsible for designing and (if present) monitoring the privacy policy within your organisation. In addition, the PO can help map out the risks, for example by carrying out a Privacy Impact Assessment (PIA). When the privacy policy is established and the PIAs are executed, an implementation plan can be drawn up. Just like the CISO, he or she has an advisory role towards the departments and can answer questions like: how should we share this data? What rules should we abide by? What measures should we impose on the external party?
Do you need support in setting up this function within your organisation? Then I can help you. Together with you, I will look at what the privacy policy for your organisation should look like. In addition, I give advice on how the activities can be secured in your organisation.
If you want to know more, please contact me.
The Chief Information Security Officer (CISO)
The Chief Information Security Officer (CISO) is the spider in the web when it comes to information security within your organization. The CISO is responsible for implementing and supervising the information security policy. The CISO has a central role in managing all processes related to it. If you are or want to be certified against ISO 27001 or NEN 7510, the CISO must comply with the measures from that standard when controlling the processes.
The terms Chief Information Security Officer (CISO), Information Security Officer (ISO), and Security Officer (SO) are often used interchangeably. Is there a difference between these roles? Yes and no. The difference is in the description of the tasks and responsibilities associated with the role. From the above description you can see that, for information security, implementation and supervision lie with the same officer, namely the SO. If you want to pull this apart, it is often decided to place one or more ISOs, or SOs, under the CISO.
Would you like to have this role filled within your organization, but do you (currently) have no one available for it? Or do you not know how to start with this? Then I can offer a solution. I can advise you on the implementation of information security within your organization. I pay attention to the type and size of the organization, and above all to how supervision can be guaranteed in the future.
Incidentally, it is important to remember that the ultimate responsibility for implementation never rests with Olthof Support (or any other CISO, PO, DPO), but always with line management.
If you would like to know more about hiring me in the role of Chief Information Security Officer, please contact me.
Data Protection Officer (DPO)
The Dutch Data Protection Authority (AP) is obliged to handle complaints and reports of data breaches. Research has shown that there are more and more of these in the Netherlands. This takes up a lot of the AP's time. As a result, the AP no longer has time for its core task: tackling deliberate violations.
To make more time available for this, the AP encourages organizations to appoint a Data Protection Officer (DPO). Complaints and data breaches can then be dealt with quickly. In practice that will be the work of the DPO.
The DPO is responsible for supervising compliance with privacy laws and regulations, listing and maintaining data processing operations and dealing with questions and complaints from people inside and outside your organization. In addition, the DPO can support the development of internal regulations, give tailored advice on privacy and provide input for the drawing up or adjustment of codes of conduct.
In short, when you appoint a DPO, you minimize the chance of a fine. You will show as an organization that you take privacy seriously.
The problem is, however, that for smaller organizations it's usually too big an investment to appoint a DPO. Above all, it requires considerable effort to keep up with case law and additional legislation. That is why Olthof Support offers the services of an external DPO. He or she will keep you informed of the current state of affairs and check whether everything is in order. The DPO also conducts the annual internal audit to show that privacy care is well embedded in the organisation.
If you want to know more about this service, you can request a quote directly.