A Data Protection Officer (DPO) is a specialised leadership role, dedicated to data privacy and security. Under the incoming GDPR, the role will be mandatory for many organisations. Common responsibilities of the DPO include:
The below are required by GDPR to appoint a DPO although any organisation may appoint one if they feel it is necessary. Also, depending on their size, a single Data Protection Officer can be appointed to act on behalf of a group of organisations. Those that will have to appoint a DPO:
The DPOs will provide a central, high-level focal point for data strategies in the future. This is important as GDPR regulations affect the whole of an organisation, therefore a mistake from any employee could land the whole organisation in breach of a rule and liable to fines. It will, therefore, be integral for DPOs to acquire buy-in from the highest levels when implementing processes, people and technology to ensure personal data is always being handled in the individual's best interest.