The GDPR: Should you Appoint a Data Protection Officer?
First things first, what is the role of a Data Protection Officer?
In a nutshell, a Data Protection Officer (DPO) is responsible for overseeing a strategy to conform to the GDPR guidelines and for ensuring that it is implemented.
The GDPR requires you to:
- publish the contact details of your DPO; and
- provide them to the ICO.
Is the DPO responsible for compliance?
The DPO isn’t personally liable for data protection compliance. As the controller or processor, it remains your responsibility to comply with the GDPR. Nevertheless, the DPO clearly plays a crucial role in helping you to fulfil your organisation’s data protection obligations.
Publishing the DPO's contact details and providing them to the ICO enables individuals, your employees and the ICO to contact the DPO as needed. You aren't required to include the name of the DPO when publishing their contact details, but you can choose to provide this if you think it's necessary or helpful.
The ICO states that under the GDPR you must appoint a DPO if:
- You are a public authority (except for courts acting in their judicial capacity);
- Your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
- Your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.
If you decide not to appoint a DPO, it is good practice to record the decision in order to demonstrate compliance with the accountability principle.
We understand you may have questions; ilicomm can assist you on your GDPR journey.
ilicomm have over 25 years' experience of delivering cost-effective information security and regulatory compliance solutions. Contact us to discover how we can use this experience to reduce your costs of GDPR compliance.