Oliver Price’s Weekly GDPR Blog #7 – The Data Protection Officer

Last week I explained the requirement for a data protection officer (“DPO”). This week I set out what the role entails and, as you will see, it is a significant one with wide responsibilities.
The DPO’s role is not given a clear definition. The DPO is expected to ensure compliance with the General Data Protection Regulation (“GDPR”) and so will need to understand the rules and have at least some technical knowledge.
The DPO will need to be able to implement, or at least oversee implementation of, the GDPR regime. That means being on top of the policies and procedures as well as whatever is needed to ensure that everyone complies with them.
It is expected that any breaches must be reported quickly and in accordance with the GDPR. The DPO needs to keep on top of the procedure and reporting requirements.
Presently there is no manual for all of this. The UK law and guidance remain unclear. However, now is the time to establish who is best in your company to take on this role, that is, assuming that you do need a DPO (see my last blog for more on that). The Information Commissioner has commented that she believes having a DPO will assist in ensuring compliance and, for that reason, although it is probably not strictly required, my firm will have one.
16 November 2017

Last updated 17/11/2017