Data Protection Officer
Data Protection Officer (DPO)
Your organisation must appoint a Data Protection Officer if you are a controller or processor of personal data and:
(a) you are a public authority, or,
(b) your core activities consist of processing requiring regular and systematic monitoring [such as CCTV or profiling] of people on a large scale, or,
(c) your core activities consist of processing on a large scale of special category (health etc.) data.
Your DPO must have “professional” qualities and be an expert in both data protection law and practice. They must also have the ability to perform certain tasks, such as:
(a) to inform you and advise you as to your obligations under both GDPR and any other data protection laws;
(b) to monitor your compliance with the above laws and your own policies, to raise awareness amongst staff, provide input on training and carry out audits;
(c) to advise you in relation to any data protection impact assessment, and,
(d) to cooperate with the Information Commissioner and be your organisational contact point on data protection matters.
In recognition of the importance of this role, the DPO cannot be told how to do their job. They cannot be dismissed or penalised for doing their job. They must be allowed to report directly to the highest management level.
We can undertake this key and important role for you on the basis of a service contract.
You may not be legally required to appoint a DPO, but if you do process large amounts of personal data then appointing one (noting the obligations above) can bring benefits to your organisation and demonstrate commitment to privacy for individuals.
For further information please contact us.