Data Protection Officer (DPO)

Why do I now need to have a Data Protection Officer (DPO)?

GDPR has changed the regulations around the legal requirements for employing or engaging certified Data Protection Services.

The Legal Justification

A DPO is legally required where the organisation:

  • Reason No 1 – Is a public authority (except for courts acting in their judicial capacity)
  • Reason No 2 – Carries out large scale systematic monitoring of individuals (for example online behavioural tracking)
  • Reason No 3 – Carries out large scale processing of special categories of data or data relating to criminal convictions and offences

Our view on this:

We think that if you are processing large amounts of sensitive personal information or information about children then we would advocate hiring a Data Protection Officer or more likely outsourcing this to a company like ourselves.

Business Justification

All businesses are going to be asked about their levels of adherence to GDPR when bidding for new work.

Having a DPO in place demonstrates a much higher level of compliance, as the DPO’s role is partly to monitor and assure your compliance on an ongoing basis. This leaves you much better placed to win the confidence of prospective clients that you are going to handle data privacy appropriately.

Challenges with Hiring a DPO

These resources are difficult to hire in the current marketplace and they command a fairly high salary, approximately £70k per annum.

Avoiding the Conflict of Interest

Your DPO must be free of any conflict of interest: senior enough to do the job, but able to act independently as required. Therefore, senior management, board members, Directors, functional heads etc. typically cannot be appointed as a DPO.

The Simple and Cost Effective Solution

The easier, cheaper and more cost-effective option is to outsource this role. Data Privacy Services offer the DPO role as a Service.