Getting ready for the GDPR requires multidisciplinary skills and a multidisciplinary approach. Identifying and supporting a member of your staff with responsibility for data protection compliance may be a mandatory requirement for your organisation. But even if it is not, having someone in place undertaking that role will be beneficial to your organisation.
The DPO role will require a solid understanding of the way your organisation operates and a skill set that stretches well beyond an understanding of legal compliance. It must include IT, data security, strategy, communication, risk management, etc.
The GDPR is clear that such a role should be appropriately senior and autonomous. The DPO will be expected to be the public face of data protection for your organisation, which will necessarily include dealing with data subjects and the Data Protection Authority.
- DPOs likely to be mandatory for:
  - Public authorities.
  - Organisations involved in high risk processing.
  - Organisations processing special categories of data.
- DPO must be suitably experienced and skilled.
- Has set tasks including:
  - Inform & advise organisation of obligations.
  - Monitor compliance including awareness raising, staff training, audits.
  - Cooperate with Data Protection Authority and act as contact point.
- Can be shared with other organisations or have other functions too but none that conflict.