Should an organisation hire a Data Protection Officer (DPO) to comply with the GDPR? - Jaz'ing Up GDPR!

Should an organisation hire a Data Protection Officer (DPO) to comply with the GDPR?

A Data Protection Officer (DPO) is someone who’s given formal responsibility for data protection and compliance within an organisation. That person could be an employee or an external professional. The GDPR introduces new rules that will require many – but not all – organisations to appoint a DPO.

Article 37 of the Regulation states that a DPO must be appointed if:

  • the relevant data processing activity is carried out by a public authority or body
  • the core activities of the business involve regular and systematic monitoring of individuals on a large scale, or
  • the core activities of the relevant business involve processing of sensitive personal data or data relating to criminal convictions, on a large scale

‘Core activities’ refers to the activities needed for the organisation to achieve its main objectives. So the Processing of health data by a private medical practice would certainly be a core activity, while supporting activities, such as payroll, would not.

A number of factors have to be taken into account when determining whether the activities are ‘large scale’. These include the number of Data Subjects involved, the volume of data items, the duration of the Processing and the geographical extent of the Processing.

So if you conclude your organisation needs a DPO to stay on the right side of the law, do you have to appoint someone externally? Not necessarily. A DPO can be an existing employee and for many organisations it will be possible to combine this formal role with other duties.

However, it’s crucial that the DPO has a sound working knowledge of data protection law and best practice. The DPO must be able to report directly to the highest management level, without interference, and the role mustn’t conflict with any other role they’re performing.

The information provided on this website is for educational purposes only and does not constitute legal advice. We recommend that you take the appropriate legal advice where you think it is needed.