Does your company need a Data Protection Officer?

Data protection officer

“I can’t in good conscience allow the U.S. government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they’re secretly building.”
Edward Snowden – American Activist

 

WHEN IS A DATA PROTECTION OFFICER REQUIRED?

An organisation is required to appoint a designated data protection officer where:

  • the processing is carried out by a public authority or body;
  • the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale; or
  • the core activities of the controller or the processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences.

 

GUIDANCE ON APPROPRIATE QUALIFICATIONS FOR A DPO

The GDPR does not define the professional qualities required or prescribe the training a DPO should undergo to be qualified to undertake the role. This allows organisations to decide on their DPO’s qualifications and training tailored to the context of the organisation’s data processing.

Relevant skills and expertise include:

  • expertise in National and European data protection laws and practices including an in-depth understanding of the GDPR;
  • understanding of the processing operations carried out;
  • understanding of information technologies and data security;
  • knowledge of the business sector and the organisation; and
  • ability to promote a data protection culture within the organisation.

 

The Data Protection Commission recommends that the following non-exhaustive list of factors be taken into consideration when selecting the appropriate DPO training programme:

  • the content and means of the training and assessment;
  • whether training leading to certification is required;
  • the standing of the accrediting body; and
  • whether the training and certification is recognised internationally.

In any case, a DPO should have an appropriate level of expertise in data protection law and practices to enable them to carry out their critical role.

 

NOTIFICATION OF THE DATA PROTECTION COMMISSIONER OF THE APPOINTMENT OF YOUR DATA PROTECTION OFFICER

Under the GDPR, certain organisations are required to appoint a designated Data Protection Officer (DPO). Organisations are also required to publish the details of their DPO and provide these details to their national supervisory authority.

 

HOW CAN WE HELP YOU?

Our 4-step process:

CONSULTATION
A consultation with our Data Protection Solicitors will help them to understand the nature of your needs and allow them to strategize the best path forward for you.

 

REVIEW
We review the types of personal data you process.

 

STRESS TEST
Our Data Protection Solicitors will carefully consider whether you require a Data Protection Officer.

 

ADVICES
Based on stages 1, 2 and 3 above our Data Protection Solicitors issue a letter of advices confirming whether you require a Data Protection Officer along with the various option open to you including the placement of one of our Data Protection Solicitors in your organisation.

 

Download the article