The GDPR, or General Data Protection Regulation, is due to come into force on 25th May 2018. GDPR is the new regulation covering data protection in the EU. It applies to all member states and all individuals in the EU and is designed to make data protection rules fit for the modern world.
Almost all organisations in the UK will be impacted by GDPR. If your organisation or company stores data belonging to residents of EU states, then you will almost certainly be required to comply.
As part of GDPR, some companies and organisations will need to appoint a data protection officer.
What Is a Data Protection Officer?
Organisations that are required to appoint a data protection officer can give the role to a current member of staff, or they can recruit a new employee. There’s also the possibility of outsourcing the role to an external contractor.
The primary role of the data protection officer is to ensure the organisation remains compliant with the new data protection regulations.
What Organisations Must Appoint a Data Protection Officer?
Any organisation can appoint a Data Protection Officer, but it is not mandatory for all organisations. Under GDPR, appointing a Data Protection Officer is mandatory for organisations that fall into one of the three categories below:
- Almost all public authorities
- Companies and organisations that regularly monitor individuals on a large scale
- Organisations that process special data categories on a large scale, or organisations that process criminal conviction or criminal offence data
It should be noted that your organisation will still be subject to GDPR, no matter how small, even if you don’t fall into one of the categories above. In addition, it is your responsibility to ensure your organisation has the resources and the necessary skills to meet GDPR requirements.
What Is the Role of a Data Protection Officer?
The regulation outlines specific duties the Data Protection Officer must carry out. In performing these duties, he or she must be able to operate independently and report directly to the board.
The role of a Data Protection Officer is outlined below:
Ensuring the company, its executives, and its employees understand their responsibilities in complying with GDPR.
Monitoring and maintenance
Monitoring the organisation’s GDPR compliance, including conducting data audits. The Data Protection Officer should also manage data protection processes and train staff on data protection issues.
The Data Protection Officer should also be the point of contact for the supervisory authorities on data protection matters.
If you fall into one of the categories above, or if you want to appoint a Data Protection Officer voluntarily, the best advice is to start the process now if you haven’t already.