Do you need a Data Protection Officer (DPO)?
Under GDPR legislation you must appoint a DPO if:
- you are a public authority or body
- your core activities require large scale, regular and systematic monitoring of individuals
- your core activities consist of large scale processing of special categories of data
You can of course appoint a DPO even if you aren’t required to by the legislation. Regardless of whether you must appoint a DPO or not, you must ensure that your organisation has sufficient resources to discharge your obligations under the GDPR.
You can use the ICO tool to help you determine if you require a DPO:
Your DPO can be an employee of your organisation or externally appointed.
What can the DPO service do for you?
If you are considering an external appointment rather recruiting directly into a DPO role, we can help.
We offer a competitive service tailored to your requirements.
The DPO is primarily concerned with:
- Ensuring compliance to good data protection
- Day-to-day support and advice
- Assistance with policies and guidance material
- Support with data flow audits, data protection impact assessments, and data sharing contracts
- Delivering IG training for staff
- Support and advice for the new “Data Protection and Security Toolkit”
- Incident Management support, including incident scoring, mitigation advice, and liaison with the ICO where necessary