Data Protection Officer

Data Protection Officer (DPO)

Your organisation must appoint a Data Protection Officer if you are a controller or processor of personal data and:

(a) you are a public authority, or,

(b) your core activities consist of processing requiring regular and systematic monitoring [such as CCTV or profiling] of people on a large scale, or,

(c) your core activities consist of processing on a large scale of special category (health etc.) data.

Your DPO must have “professional” qualities and be an expert in both data protection law and practice. They must also have the ability to perform certain tasks such as:-

Data Protection Officer
Data Protection Officer 2

(a) to inform you and advise you as to your obligations under both GDPR and any other data protection laws;
(b) to monitor your compliance with the above laws, your own policies, to raise awareness amongst staff, train them and carry out audits;
(c) to advise you in relation to any data protection impact assessment, and,
(d) to cooperate with the Information Commissioner and be your organisational contact point on data protection matters

As a recognition of the importance of this role, the DPO cannot be told how to do their job. They cannot be dismissed or penalised for doing their job. They must be allowed to report directly to the highest management level.

We can undertake this key and important role for you on the basis of a service contract.

You may not be legally required to appoint a DPO but if you do process large amounts of personal data then appointment (although note the obligations above) can bring benefits to your organisation and ensure that you process personal data properly.

For further information please contact us.

Other Things We Can Help You With

~

Data Protection Officer

Information Security

i

Compliance

Legal Services

U

Gap Analysis

Training

Please contact us to arrange a free no obligation telephone discussion.