
Data Protection Officer

What is a Data Protection Officer?

A Data Protection Officer (DPO) is a specialised leadership role dedicated to data privacy and security. Under the incoming GDPR, the role will be mandatory for many organisations. Common responsibilities of the DPO include:

  • The design and implementation of a data protection strategy.
  • Keeping their organisation informed of what the data regulations (GDPR) require by law, and monitoring the organisation's compliance with those requirements.
  • Being the primary contact for the Data Protection Authority and for any individuals whose data the organisation processes.

When would a Data Protection Officer be needed under GDPR?

GDPR requires the organisations listed below to appoint a DPO, although any organisation may appoint one if it feels it is necessary. Depending on their size, a group of organisations can also appoint a single Data Protection Officer to act on behalf of them all. Those that will have to appoint a DPO:

  • Public Authorities
  • Organisations that monitor individuals (online tracking, for example) on a large scale.
  • Organisations that process special kinds of data or data relating to criminal convictions.

Why will Data Protection Officers be important going forward?

DPOs will provide a central, high-level focal point for data strategies in the future. This is important because GDPR affects the whole of an organisation, so a mistake by any employee could put the whole organisation in breach of a rule and make it liable to fines. It will therefore be integral for DPOs to acquire buy-in from the highest levels when implementing processes, people and technology to ensure personal data is always handled in the individual's best interest.

How can you ensure high-level buy-in for your data quality?