The ICRC Data Protection Office (DPO) is the ICRC's supervisory body with regards to all personal data protection matters. It is empowered to perform its duties and exercise its functions with complete independence, and acts as the essential component for the protection of individuals with regard to the Processing of their Personal data.
The ICRC DPO monitors the application of the provisions of the ICRC Rules on the Protection of Personal Data and contributes to its consistent application throughout the Operations of the ICRC, in order to protect natural persons in relation to the Processing of their Personal data.
In the case where a legal or natural person considers that their rights have been infringed under the ICRC Rules on Data Protection, the ICRC DPO may refer the matter to the ICRC Data Protection Independent Commission which will examine the case and make a decision.
Along with these main tasks, the ICRC DPO is also responsible for the following tasks:
- monitoring the implementation of the ICRC Rules on Personal Data Protection with regard to data protection by design and by default;
- monitoring whether Data Protection Impact Assessments are carried out by the ICRC Staff in Charge or a Processor, in accordance with the ICRC Rules on Personal Data Protection;
- maintaining records of all categories of Processing activity within its responsibility;
- approving the creation of or alterations to a database;
- devising training modules; and
- ensuring that these rules are regularly reviewed in light of developments in the regulatory sphere, and/or in response to the need to adapt them to changes in ICRC activities.