Many larger organisations will be required to have a Data Protection Officer (DPO) in place, but does this relate to you?
Whether you need a DPO in place is dependent on the processing carried out by that organisation. You will require a DPO if you:
> are a public authority
> carry out regular and systematic monitoring (tracking and profiling) of individuals on a large scale as part of your core activity; or
> carry out large scale processing of special categories of data or data relating to criminal convictions and offences as part of your core activity.
You may also look to appoint a DPO because you believe this is the right thing to do for your organisation, being that you take responsibility for the personal data that you process and want to ensure that you are doing the right thing by your customers or employees, so although you may not need a DPO, appointing one can have its advantages to you as an organisation.
A DPO can help you to operate within the law by providing relevant, timely advice and help to monitor to compliance, enabling you to achieve and improve accountability – one of the key requirements of GDPR.
A DPO will carry out certain tasks, including:
> informing and advising the business of their obligations under data protection laws
> monitoring compliance
> providing advice on data protection impact assessments (DPIA)
> cooperating with the ICO
> acting as a point of contact for the ICO.
Having someone in place to carry out these tasks can take the headache away from the needing to focus on these things allowing you to do what you do best – run your business.
Most larger companies will have someone inhouse working on these tasks and keeping the business on the right track, however smaller organisations may not have the funds, workload or the resources to employee someone full time, but still require a DPO or see the benefit in having on if they are not obligated to have one.
Outsourcing your DPO responsibilities, is one way for smaller businesses to affordably make sure that they have the right protection in place regarding data protection and also allows those smaller businesses to consider the option of a DPO, whereas without outsourcing they simply wouldn’t have the funds or workload to employee someone on a full time basis.
The salaries for a full time DPO range depending on locations, size of business, risk to business etc. but we’ve seen jobs being advertised today with salaries of upwards of £100,000! Outsourcing can significantly reduce this cost to a manageable monthly fee and also ensure that you have the relevant level of independent expertise that you may not have if you recruit someone internally.
It also means that there is no conflict of interest as your external DPO will not be caught up in any internal business activities that may impact the decisions made around the application of Data Protection.
Whether you decide to outsource or recruit internally is ultimately down to you, but being accountable and taking responsibility for the personal data that you process on a day to day basis and treating personal data with respect builds trust and can enhance your reputation as an organisation, so although you may not be required to appoint one, it is still something that you should give thought to.
- Log in to post comments