Data Protection Officers
Roles and responsibilities of the Chief Data Protection Officer and Data Protection Officers
Chief Data Protection Officer (Chief DPO)
- Handling data access and correction requests raised to the University
- Processing personal data access and correction requests with assistance from the DPOs
- Managing data breach incidents
- Coordinating and monitoring the handling of data breach incidents
- Providing advice to affected Departments/Units via internal and external notifications
- Conducting investigations and post-incident reviews
- Providing consultation and advice on data privacy-related matters
- Providing advice to Departments/Units on data processor management
- Coordinating training and education
- Reporting to the Personal Data Privacy Committee
- Reporting data privacy-related updates, including identified non-compliance issues, the implementation status of the Privacy Management Programme, etc.
- Handling public communications relating to data privacy
- Handling public communications, including reviewing responses prepared by Data Protection Officers on privacy complaints and enquiries in relation to personal data
- Monitoring Privacy Impact Assessments (PIAs)
- Monitoring, reviewing and providing advice on conducting PIAs
- Maintaining Privacy Policy Statement (PPS) and Personal Information Collection Statement (PICS)
- Monitoring, reviewing and providing advice on the preparation of PPS and PICS before they are officially presented to the public in any external communications
- Monitoring and reviewing personal data handling
- Initiating and monitoring the annual personal data inventory review exercise and records disposal exercise conducted by DPOs
- Reviewing data extraction requests to ensure they are only approved for valid reasons
- Annually reviewing the effectiveness of data privacy and protection-related controls
- Preparing oversight of data privacy and protection controls
- Executing an annual review plan to ensure full compliance with the data privacy requirements
Data Protection Officers
- Managing matters relating to data privacy of his/her own department/Faculty/unit, and representing his/her department/Faculty/unit to communicate with the Chief DPO
- Updating personal data inventory of his/her department/Faculty/unit annually
- Carrying out periodic risk assessments within his/her department/Faculty/unit and submitting the review report to the Chief DPO
- Ensuring PICS prepared by his/her department/Faculty/unit is consistent with the requirements under the Personal Data (Privacy) Ordinance, and submitting the PICS to the Chief DPO for review before adoption for use
- Assisting the Chief DPO in carrying out the ongoing assessment and revision of the Privacy Management Programme
Data Privacy Governance Framework and Reporting Structure