Our services - Data Protection Officer

The DPO is both the conductor of the orchestra and the advisor on personal data protection compliance within the organisation in which he or she works.

What is the role of the DPO?

The DPO’s mission focuses on:

  • identifying the applicable requirements;
  • assessing the state of compliance;
  • assessing external legal and regulatory risks;
  • evaluating the potential impact of the processing of personal data on individuals’ rights and freedoms;
  • implementing and monitoring compliance rules, using a risk-based approach.

The DPO is also the point of contact for the supervisory authorities (e.g. the CNIL in France) and for individuals whose data the organisation processes.

The ‘DPO’ function goes by different names, and its scope may differ from country to country:

  • Data Protection Officer (DPO) according to the EU GDPR.
  • Data Protection Officer (DPO) under the nFADP in Switzerland as well.
  • Individual responsible for compliance under Canadian federal law (PIPEDA) for the private sector, or under Law 25 in Quebec.

We can help you navigate the personal data protection laws (GDPR, nFADP, PIPEDA and Canadian provincial laws) as well as soft law (guidelines, reference frameworks) to determine whether you meet the criteria for appointing a DPO, and document your decision.

What qualifications should a DPO have?

Under the GDPR, the Swiss nFADP and Canadian PIPEDA, the DPO must have the following professional qualifications:

  • Expert knowledge of the applicable laws (GDPR and national law in the relevant member states for a DPO in Europe, nFADP for a DPO in Switzerland, PIPEDA and the relevant provincial laws for a DPO in Canada).
  • Good understanding of the processing operations carried out, of the information systems, and of the data controller’s data protection and security requirements.
  • Knowledge of the controller’s sector of activity and organisation and, in the case of a public body, a good knowledge of the body’s administrative rules and procedures.

Our team of DPOs is recruited on the basis of several years of experience in the health and/or research sector. We invest in updating their knowledge and developing their compliance management tools.

What are the challenges specific to the role of the DPO in healthcare?

  • The increase and diversification of cyber threats.
  • The complexity of information systems resulting from the digital transformation of the healthcare system, including the provision of digital services to patients (teleconsultation, remote monitoring, digital front desk, etc.).
  • The obsolescence of digital equipment and software in healthcare establishments.
  • The emergence of new healthcare reference systems: National Health Identifier, Shared Medical Records, etc.
  • Developments in the European legal framework regarding cybersecurity (NIS2 and CER), use of digital data (Data Act and Data Governance Act), European Health Data Space (EHDS) and new EU Rules for Health Technology Assessment (HTA).

What are the challenges specific to the role of the DPO in research?

Taking into account the requirements of legislation specific to health research, for example:

  • bioethical requirements specific to the processing of genetic data;
  • requirements concerning deceased persons and the use of their data;
  • requirements for data associated with biological resources used in research;
  • soft laws and frameworks such as the CNIL Reference Methods or the European Code of Conduct for Clinical Research Service Providers (EUCROF), etc.

Taking into account the expectations of researchers, for example, facilitating and securing the secondary use of existing data for future research.

Taking into account public expectations, for example:

  • receiving information that is easy to understand;
  • contributing to research through patients’ associations;
  • guaranteeing the public-interest purposes of the research conducted.

Why choose Alcoam by Design?

  • Our DPOs have the qualifications required to carry out their duties, demonstrated by years of experience in their profession as well as in the healthcare field.
  • Our DPOs are all certified as data protection and privacy professionals.
  • Alcoam by Design is a consulting firm dedicated to DPO and data protection consulting services in the healthcare field. Our sole interest is to provide these services. Our growth is based exclusively on word of mouth, which requires us to conduct each assignment with professionalism.
  • Alcoam by Design has established internal rules for managing its client portfolio and services to prevent any potential conflicts of interest or conflicts of duty.
  • Our external DPO service agreement clearly establishes the requirements of the assignment, particularly with regard to confidentiality, continuity of service, as well as the independence and autonomy of the DPO.

Alcoam by Design is a signatory of the AFCDP Code of Ethics for DPOs.

Our other services for the protection of health data

  • Internal or data processor audit
  • Training in health personal data privacy
  • Management of risks in information security and data privacy

You can put your trust in us to meet your needs for compliance in personal data protection and privacy in the health area:

Do you have a specific question related to data protection in the health area? Ask us your question, and we will be happy to answer it at no cost to you.
Would you like to be put in touch with a member of our customer or partner network, to receive confidential feedback on our services?
Would you like to know more about our company: our working methods, tools and knowledge base, our ability to meet your needs and projects?

All the terms of our discussions are regulated by our personal data protection and privacy policy.