Does my organisation need a Data Protection Officer?

In preparation for GDPR, which comes into effect in May, it may or may not be necessary for your organisation to appoint a Data Protection Officer (DPO), depending on your circumstances. However, it isn’t always clear what these deciding factors are. We’re going to outline whether this is a necessary task for your business, and what duties the DPO should carry out, should you need one.

When Does the GDPR State You Need a Data Protection Officer?

  • Is your organisation a public authority?
  • Does your organisation carry out systematic monitoring of individuals on a large scale?
  • Does your organisation process special categories of data such as ethnicity or biometric data?
  • Does your organisation process information relating to criminal convictions and offences?

If you answered yes to any of these questions, it is necessary for you to appoint a DPO.

You can allocate the role of DPO to one of your existing employees, as long as this will not lead to a conflict of interest with their primary role. The GDPR does not state any qualifications or professional experience that this person must have.

Data Protection Officer Duties

What Duties Does The Role Entail?

  • Informing and advising their organisation’s employees of their obligation to comply with GDPR
  • Monitoring their organisation’s compliance with GDPR. This includes managing internal data protection activities, advising on impact assessments, training staff and conducting audits
  • Acting as the first point of contact for supervisory authorities and the data subjects

What are the Duties of the Data Protection Officer’s Employer?

  • They must ensure that the DPO reports to the highest management level
  • They must ensure that the DPO is able to work independently
  • They must prevent the DPO from being dismissed or penalised for performing their duties
  • They must provide the necessary resources for the DPO to complete their tasks

We wish to emphasise that Arden Group is a Managed Service Provider and not a legal firm. That means that the views brought forward in this page are not necessarily shared by lawyers or courts.

Arden Group, therefore, does not guarantee that all information is factual and interpreted correctly. If you wish to ensure your advice or your company is legally covered by GDPR, consider seeking legal or specialised advice.
