The GDPR big question – do I really need a Data Protection Officer for my business?
Well, yes! Some businesses are mandated to have a DPO. Everyone else should think about the following question – would I place accounts, tax papers or legal matters in the hands of a non-specialist?
The GDPR states that you need to appoint a data protection officer (DPO) if you are a public authority or body, if you are a business whose processing activities involving people’s personal data fall into certain categories, or if your core activities require large scale, regular and systematic monitoring of individuals. Clear? What does this mean in practice?
Article 37 of the GDPR states that schools, health centres, accountancy firms, legal businesses, charities and 2C organisations are all affected. In today’s world, whether it is your customers or your own supply chain asking, everyone needs to show that they are taking data protection seriously. One way of doing this is by appointing a DPO, just as we appoint auditors or accountants.
DPOs help you monitor internal compliance, inform and advise you on your data protection obligations, provide advice on Data Protection Impact Assessments (DPIAs), breaches and the implementation of data protection rights, and act as a contact point for individuals and supervisory authorities alike.
The DPO must be independent, an expert in data protection, adequately resourced, and must report to the highest management level. They can be an existing employee or an external appointee. In some cases several organisations, such as a group of companies, can appoint a single DPO between them. For clarification: if you are involved in the processing of data or you are the data controller, you cannot be appointed as the DPO.
The benefits of using an external DPO
Businesses, particularly small ones, may find the responsibilities of a DPO quite daunting, especially given the breadth of knowledge required of data processing and data security operations. You are, however, allowed to outsource this service.
Outsourcing DPO tasks and duties to DLM gives you access to expert advice and guidance, delivered via webinars, that will help you address the GDPR’s compliance demands while staying focused on your business. The other benefit, of course, is that it is a cost-effective way to achieve GDPR compliance with access to independent DPO expertise: there is no conflict of interest between the DPO and other business activities, and you will have access to GDPR training and compliance solutions.
Why is this important?
It is not just the regulator that you want to satisfy; it is your supply chain, customers and staff too. Anyone who fails to deal properly with a breach or a subject access request faces the potential of fines.
Call us today for the best advice regarding Data Protection Officers.