Why do I now need to have a Data Protection Officer (DPO)?
GDPR has changed the regulations around the legal requirements for employing or engaging certified Data Protection Services.
The Legal Justification
A DPO is legally required if the organisation:
- Reason No 1 – Is a public authority (except for courts acting in their judicial capacity)
- Reason No 2 – Carries out large-scale systematic monitoring of individuals (for example, online behavioural tracking)
- Reason No 3 – Carries out large-scale processing of special categories of data or data relating to criminal convictions and offences
Our view on this:
We think that if you are processing large amounts of sensitive personal information, or information about children, then we would advocate hiring a Data Protection Officer or, more likely, outsourcing this to a company like ourselves.
Business Justification
All businesses are going to be asked about their levels of adherence to GDPR when bidding for new work.
Having a DPO in place demonstrates a much higher level of compliance, as the DPO’s role is partly to monitor and assure your compliance on an ongoing basis. This puts you in a much better position to win the confidence of prospective clients that you will handle data privacy appropriately.
Challenges with Hiring a DPO
These resources are difficult to hire in the current marketplace and they command a fairly high salary, approximately £70k per annum.
Avoiding the Conflict of Interest
Your DPO must not have a conflict of interest: they need to be senior enough but able to act independently as required. Therefore, senior management, board members, directors, functional heads, etc. typically cannot be appointed as a DPO.
The Simple and Cost Effective Solution
The easier and cheaper option is to outsource this role. Data Privacy Services offer the DPO role as a service.