The Data Protection Officer (DPO) is a new role introduced by the "General Data Protection Regulation" (GDPR).
The DPO is the data protection expert within the organisation. They act as the link between the public and the organisation’s employees on all matters relating to the processing of personal information held, and any data protection queries are directed to the DPO.
Do I need a DPO?
Well, under the GDPR, you must appoint a data protection officer (DPO) if you:
- Are a public authority (except for courts acting in their judicial capacity);
- Carry out large scale systematic monitoring of individuals (for example, online behaviour tracking); or
- Carry out large scale processing of special categories of data or data relating to criminal convictions and offences.
That said, regardless of the shape, size, or type of data processing your business conducts, your business must have sufficient staff and skills to meet your obligations under the GDPR. That means, if you don't have the skills in-house, you need to either recruit or outsource.
The good news is that you can appoint a single Data Protection Officer to act for a group of companies, taking into account their structure and size.
What does a DPO do?
At the most basic level, a DPO's responsibilities are to:
- Educate the company and employees on compliance requirements
- Train staff involved in data processing
- Conduct audits to make sure the business complies and to address potential issues proactively
- Serve as the point of contact between the company and GDPR Supervisory Authorities
- Monitor performance and provide advice on the impact of data protection efforts
- Maintain comprehensive records of all data processing activities conducted by the company, including the purpose of all processing activities (which must be made public on request)
- Interface with data subjects to inform them about how their data is being used, their rights to have their personal data erased and what measures the company has put in place to protect their personal information
If you want to know more about the role, you can read more in Article 39.
Can I outsource the DPO role?
Yes! Glad you asked.
It is possible to effectively ‘share’ a DPO by working with other organisations – provided that the DPO is easily accessible and there are no conflicts of interest.
Another option is to engage an external consultant (like ADL Consulting) who is qualified to do the role as and when required. This may particularly suit small to medium-sized businesses, which may not have the budget or the need for a full-time DPO.
Smaller organisations may also find that DPO responsibilities are a challenge to deliver, given the breadth of knowledge required.
I need help
If you'd like to talk to us about outsourcing your DPO role to us, please get in touch:
01530 637 833