Data Protection Officer

Does my organisation need to appoint a Data Protection Officer?

In preparation for GDPR, which came into effect in May, it may or may not be necessary for your organisation to appoint a Data Protection Officer (DPO).However, it isn’t always clear what these deciding factors are.

Below, we’ve outlined whether this is a necessary task for your business. Additionally, you can find what duties the DPO should carry out, should you need one.

What organisations does the GDPR State as needing a Data Protection Officer?

  • If your organisation a public authority
  • Organisations that carry out systematic monitoring of individuals on a large scale
  • Those that process special categories of data such as ethnicity or biometric data
  • Organisations that process information relating to criminal convictions and offences?
Data Processing

You can allocate the role of DPO to one of your existing employees, as long as this will not lead to a conflict of interest with their primary role.

Additionally, the GDPR does not state any qualifications or professional experience that this person must have.

Data Protection Officer Duties

What Duties Does The Role Entail?

  • Informing and advising their organisation’s employees of their obligation to comply with GDPR
  • To monitor their organisation’s compliance with GDPR. This includes managing internal data protection activities, advising on impact assessments, training staff and conducting audits
  • Acting as the first point of contact for supervisory authorities and the data subjects

What are the Duties of the Data Protection Officer’s Employer?

  • Ensuring that the DPO reports to the highest management level
  • Providing the DPO with the opportunity to work independently
  • Preventing the DPO from being dismissed or penalised for performing their duties
  • Providing the necessary resources for the DPO to complete their tasks

Got a Question?

Discover More

how to prevent phishing attacks

We wish to emphasise that Arden Group is a Managed Service Provider and not a legal firm. That means that the views brought forward in this page are not necessarily shared by lawyers or courts.

Arden Group, therefore, does not guarantee that all information is factual and interpreted correctly. If you wish to ensure your advice or your company is legally covered by GDPR, consider consulting legal or specialised advice.

Newsletter Sign-Up.

Sign-up for the latest hints, tips and news from the communications industry.