Where the CISO is responsible for the information security policy, the PO (also called legal adviser on privacy), who in this case is not the DPO, is responsible for designing and (if present) monitoring the privacy policy within your organisation. In addition, the PO can support in mapping out the risks, for example by carrying out a Privacy Impact Assessment (PIA). When the privacy policy is established and the PIA's are executed, an implementation plan can be drawn up. Just like the CISO, he or she has an advisory role towards the departments and can answer questions like: How should we share this data? What rules should we abide by? What measures should we impose on the external party?
Do you need support in setting up this function within your organisation? Then I can help you. Together with you, I will look at what the privacy policy for your organisation should look like. In addition, I give advice on how the activities can be secured in your organisation.
If you want to know more about hiring me for the above role, please contact me.