Outsource your DPO Services
With the advent of GDPR many organisations now find they have to have a Data Protection Officer. This role is defined in legislation and should not be treated lightly as:
- Article 37(5) provides that the DPO ‘shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39’
- Article 38(6) allows DPOs to ‘fulfil other tasks and duties’. It requires, however, that the organisation ensure that ‘any such tasks and duties do not result in a conflict of interests’. As a rule of thumb, conflicting positions within the organisation may include senior management positions (such as chief executive, chief operating, chief financial, chief medical officer, head of marketing department, head of Human Resources or head of IT departments) but also other roles lower down in the organisational structure if such positions or roles lead to the determination of purposes and means of processing.
If your organisation requires a DPO please talk to us about outsourcing the function or training your staff.
- Who can be a DPO?GDPR lays out some parameters describing who can be a DPO. In brief the DPO should be trained in data protection law while the level of expertise required is situational. Like much of this principled based legislation, it is worth looking at the primary texts to understand the concepts. DPO’s background The main texts to consider when ...
- What does a DPO do?The Data protection officers (DPO) is an unusual role, as it has some statutory functions and independence, yet still exists within an organisation’s line structure. GDPR did not introduce the concept of DPO. The practice of appointing a DPO has developed in several Member States over the years since Directive 95/46/EC3 in October 1995. However since the coming into force of GDPR appointing DPOs is now mandatory ...
- Do I need a DPO?There is a certain amount of confusion around Ireland about DPOs after GDPR came into force. In 95% of cases we tell Irish Organisations that they don’t need one. How do we come to that conclusion? It is worth stepping back for a moment and think about what GDPR says about the requirement for DPOs: The Law Article 37(1) of the GDPR mandates ...