LET'S TALK: 08002425282
  • SUPPORT
  • LOGIN

vNews

vNews

virtualROI are a B2B digital marketing agency offering a full range of digital services and solutions.

T 0800 2 42 52 82
Email: info@virtualroi.com

virtualROI Ltd.
8 Burman Close, Leamington Spa, CV32 6HU

Open in Google Maps
  • HOME
  • ABOUT
    • CLIENTS
    • BROCHURE
    • EBOOK
    • NEWSLETTERS
  • TESTIMONIALS
  • SERVICES
    • EMAIL
    • DATA
      • GDPR
    • DESIGN
    • TELEMARKETING
    • TECHNOLOGY
      • MRM PLATFORM
    • SOCIAL
    • WEB
    • CONSULTANCY
      • MARKETING AUTOMATION READINESS SURVEY
  • vNEWS
  • FUN
  • CONTACT
FREE DESIGN REVIEW
  • Home
  • Data
  • Who is the DPO?
14th December 2019
0
virtualROI
Thursday, 05 October 2017 / Published in Data, GDPR

Who is the DPO?

The DPO, a three-letter acronym that strikes fear in the heart of many companies and people alike. But does every company need a Data Protection Officer? Let alone know what qualities and skills that individual should possess?

Initially it is vital to understand whether your company would actually be required to appoint a DPO according to the GDPR (General Data Protection Regulation). Article 37 within the most up to date version of the GDPR states that a company who controls or processes personal data must designate a DPO in three situations. These three situations are listed below:
 

  • Where the processing is carried out by a public body.
  • Where the core activities require regular and systematic monitoring of data subjects on a large scale.
  • Where core activities of controller or processor involve large-scale processing of sensitive personal.

 Definitions of ‘core’ and ‘large scale’

So, what are the definitions of ‘large scale’ and ‘core’? Well unfortunately this is still somewhat of a grey area within the GDPR. Although it does provide guidance, it is not fully understood what the definitions will ultimately be.

For ‘large scale’ the GDPR suggests that it means “processing a considerable amount of personal data at regional, national or supranational level and which could affect a large number of data subjects.” However, it does not include the processing of personal data about patients or clients by an individual physician or lawyer. This is still a grey area….

For ‘core’ the recitals of the GDPR clarify that the core activities of an entity are a company’s primary activities and do not relate to the processing of personal data as an ancillary activity. Therefore, it would be fair to assume that for example, the processing by controllers and processers of their own employee data does not qualify as a core activity.

When deciding whether you must appoint a DPO it is vital to assess how ‘core’ and ‘large scale’ could be viewed within your organisation in relation to its main business activity with common sense prevailing and if in any doubt whatsoever if would be worth seeking advice from your legal team.

It is also of great importance to remember that any organisation can appoint a DPO but regardless of whether the GDPR obliges you to appoint a DPO or not, you must ensure that your organisation has sufficient staff and skills to discharge your obligations under the GDPR.

If decided that the appointment of a DPO is necessary, it is now the time to start thinking about the practical requirements for the organisation, the impact on the employer in relation to the appointment of a DPO and the employer’s responsibilities to the DPO as well as what the tasks and responsibilities will be of the DPO and the skill set that person will require.

Designation of a Data Protection Officer

From an organisational point of view, Article 37 (Designation of a Data Protection Officer) advises that:

  • Where controller or processor is a public authority a single DPO may be appointed for several such authorities depending on structure and size.
  • DPO designated on the basis of professional qualities and knowledge of data protection law, but not necessarily legally qualified.
  • Controller or processor must publish DPO contact details and notify the relevant supervisory authority.

 Position of the Data Protection Officer

Further to this, Article 38 (Position of the Data Protection Officer) goes into more detail reference the employer’s responsibilities toward the DPO:

  • Controller and processor must ensure proper and timely involvement of the DPO.
  • Controller and processor must provide support through necessary resources whilst providing data subjects clear access to the DPO.
  • DPO has a large degree of independence and should have direct access to highest management.
  • In addition, there must be no conflict of interest arising from additional tasks or duties: “This entails in particular that the DPO cannot hold a position within the organisation that leads him or her to determine the purposes and the means of the processing of personal data.” (Working Party 29 Guidance).

 Tasks of the Data Protection Officer

Once appointed, what are the tasks of the Data Protection Officer? Article 39 (Tasks of the Data Protection Officer) covers the minimum requirements:

  • To inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws.
  • To monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advise on data protection impact assessments; train staff and conduct internal audits.
  • To be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers etc).

It is therefore vital that the right person (either from within the organisation or externally) is appointed and with all of this in mind what skills should a DPO have? When looking to appoint one what should you be looking for? Well, the GDPR does not specify the precise credentials a DPO is expected to have but it does require that they should have professional experience and knowledge of data protection law and that this should be proportionate to the type of processing your organisation carries out, taking into consideration the level of protection the personal data requires.

 Key skills to consider

Below is a non-definitive list of some key skills to consider when appointing a DPO.

  • A DPO must be able to articulate ‘privacy by design and by default’ to delivery functions within the organisation.
  • They should have a good understanding of risk management and risk assessments and be able to carry out DPIA’s (Data Protection Impact Assessments).
  • Should be able to coordinate and advise on data breaches and notification and make cyber security incident response processes work.
  • Should be able to carry out and interpret internal audits against compliance requirements.
  • Have familiarity with codes of conduct for industry sector and a good understanding of compliance standards and data marks.
  • Lead co-operation with supervisory authority and probably most importantly have excellent communication skills.

In conclusion, it should be remembered that the DPO is a strategic role that develops, coordinates and manages an organisation’s privacy strategy, ensures that operations and business practices adhere to applicable privacy laws and ensures privacy considerations and processes are incorporated into business practices ensuring that not only is compliancy achieved but also maintained.

If you’re ready to get your organisation up to speed on GDPR, please visit this page to learn more.

(Visited 140 times, 1 visits today)

WHATS YOUR MARKETING CHALLENGE

What you can read next

How prepared are you for GDPR?
Accelerate business growth by understanding data
Do you know your data universe?

Quick Links

Recent Posts

  • How to adapt your telco marketing to the B2B arena

    How to adapt your telco marketing to the B2B arena

    Telecommunications companies face a challenge: ...
  • Five ways to win at telecoms marketing in 2019

    Five ways to win at telecoms marketing in 2019

    A recent report from the accountancy firm PWC p...
  • Asses your process for success

    Asses your process for success

    At the beginning, a global marketing strategy g...
  • Moving into a new localised market?

    Moving into a new localised market?

    Whether you’re planning on taking over the worl...
  • How to plan for global marketing success

    How to plan for global marketing success

    Implementing a global marketing initiative requ...

Popular Posts

  • How design can fuel your brandHow design can fuel your brand Digital marketing is driven by the visual cues…
  • Understanding the difference between Telesales and TelemarketingUnderstanding the difference between Telesales and Telemarketing So what actually is the difference between telemarketing…
  • Ten 'must know' facts about GDPRTen ‘must know’ facts about GDPR The UK’s current data protection legislation is changing…
  • To PIA or not to PIA… is no longer the questionTo PIA or not to PIA… is no longer the question With GDPR looming, businesses need effective tools to…
  • The truth about Outlook 2013The truth about Outlook 2013 With the launch of the new version, we…

CONTACT

If you would like to discuss this topic further, then please get in touch.

GET IN TOUCH

IMPORTANT LINKS

  • Sitemap
  • Cookies Policy
  • Agency Partnerships
  • Privacy Policy
  • Terms & Conditions
  • Newsletters

NEWSLETTER SIGN-UP

By subscribing to the vNews newsletter you will always be updated with the latest on marketing knowhow and best practice.

GET IN TOUCH

T 0800 2 42 52 82
Email: info@virtualroi.com

Registered Office: virtualROI Ltd.,
8 Burman Close, Leamington Spa, CV32 6HU
Open in Google Maps

Thames Valley Office: virtualROI Ltd.,
Davidson House, The Forbury, Reading, RG1 3EU
Open in Google Maps

11 hours agoThe 10 Best Types of #Video For #DigitalMarketing... https://t.co/0t9JiIv7e1 https://t.co/QtArB988Ha
14 hours agoWe developed a customisable interactive game for online and touch-screen use for Ibstock Brick! 🙌 It was a comple… https://t.co/uBwKmJnnQQ
17 hours agoApple celebrates the best #apps and #games of 2019... 🎉 https://t.co/HTh9d43PFc https://t.co/kieM2sTmuP
20 hours agoNeed a #telemarketing campaign? ☎️ Our profiling and list building service enables improved targeting at a company… https://t.co/IrSK3mjqme
21 hours agoRT @StevenMacd0nald: Are you using chatbots yet? Find out how they can help even small businesses offer better customer service - Talented…
Follow @virtualROI
  • Tweet
  • GET SOCIAL
vNews

© 2019 virtualROI Ltd. All Rights Reserved.

TOP