The CRO is in charge of leading the effort for enhancing data protection practices within the Group as well as reaching and maintaining compliance with GDPR requirements.
The CRO reports to the Group’s (and Group companies) Board of Directors.
The CRO operates with independence. The responsibilities include the following;
- To inform and advise the Group of companies and its Employees who process data of their obligations pursuant to GDPR and other data protection provisions;
- To monitor compliance with the GDPR, other data protection provisions and this Policy and related documents under the overarching Data Protection Framework;
- To update the Data Protection Framework and related documents in line with Data Protection regulations;
- To provide guidance on carrying out Data Protection Impact Assessments (DPIAs) and to monitor their performance;
- To act as a point of contact for and co-operate with Supervisory Authorities and Data Subjects on issues relating to processing, including prior consultation, and to consult, where appropriate, on any other related matter;
- To determine the need for, make, and keep up-to-date, notifications to applicable Supervisory Authorities as a result of current or intended Personal Data processing activities;
- The establishment and operation of a system providing prompt, accurate and appropriate responses to Data Subject Requests;
- To inform senior managers, officers, and directors of the Group of any potential corporate, civil and criminal penalties which may be levied against us and/or our Employees for violation of Data Protection laws; and
- To establish procedures and contractual clauses for obtaining compliance with this Policy by any Third Party