Data Protection Officers
Roles and responsibilities of the Chief Data Protection Officer and Data Protection Officers
Chief Data Protection Officer (Chief DPO)
(a) Handling data access and correction requests raised to the University
(b) Managing data breach incidents
(c) Providing consultation and advice on data privacy-related matters
(d) Reporting to the Personal Data Privacy Committee
(e) Handling public communications relating to data privacy
(f) Monitoring Privacy Impact Assessments (PIAs)
(g) Maintaining the Privacy Policy Statement (PPS) and Personal Information Collection Statement (PICS)
(h) Monitoring and reviewing personal data handling
(i) Annually reviewing the effectiveness of data privacy and protection related controls

Data Protection Officers
(a) Managing matters relating to data privacy of his/her own department/Faculty/unit, and representing his/her department/Faculty/unit to communicate with the Chief DPO
(b) Updating the personal data inventory of his/her department/Faculty/unit annually
(c) Carrying out periodic risk assessments within his/her department/Faculty/unit and submitting the review report to the Chief DPO
(d) Ensuring the PICS prepared by his/her department/Faculty/unit is consistent with the requirements under the Personal Data (Privacy) Ordinance, and submitting the PICS to the Chief DPO for review before adoption for use
(e) Assisting the Chief DPO in carrying out the ongoing assessment and revision of the Privacy Management Programme

Data Privacy Governance Framework and Reporting Structure