The General Data Protection Regulation (GDPR) has recently been made law in the European Union. The question is: What are some of its implications for those that either do business in Europe or have dealings with the personal information of European citizens? One answer to that question is that if the GDPR applies to your business, a Data Protection Officer is a key position to think about.
Who is a Data Protection Officer?
Controllers and processors of data, in terms of the GDPR, nominate a Data Protection Officer to help them comply with data protection law. Once nominated, the officer looks into the risks that data processing can expose a business to. The officer helps the business in their attempts to avoid those risks. Basically, the officer is the link between the public (including other businesses that you may work with) and your business, when it comes to the processing of personal information. This means that the public can direct their data protection queries to this officer. The officer will then report directly to management, and must be given all resources necessary to carry out their functions.
Who needs a Data Protection Officer?
The GDPR is very clear on the businesses that require a Data Protection Officer. Businesses that, for example:
- have core operations which include the processing of data through mass systematic and regular monitoring of data subjects; or
- process the special personal information (race, ethnicity, and biometric data) of data subjects on a large scale,
have to appoint a Data Protection Officer. It is also possible for controllers and processors to come together and designate one even when not required to do so by the GDPR.
The GDPR does NOT require every controller and processor to appoint a Data Protection Officer. Private bodies do not have to appoint one if:
- their main activities only involve seldom monitoring data subjects and with little infringement to those data subjects’ rights,
- they do not process special personal information at all, or
- are only processing the special personal information of a small group of data subjects.
How can we help?
We can help you to appoint your Data Protection Officer properly by:
- answering your questions by advising you,
- briefing the head of your organisation (or body) on the role of the officer,
- providing you with a Job Specification or Description so that you can appoint someone within your organisation or recruit a new employee, and by
- giving you a letter of appointment to make sure the person selected knows what their responsibilities are.
If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.