Many people attending our certified EU GDPR training courses want to learn more about the role of the Data Protection Officer (DPO).
In this blog , we look at what the DPO role typically entails and why the DPO is important.
According to the new European General Data Protection Regulation (GDPR), the DPO oversees all data protection activities within an organisation. They will be the first point of contact for data protection issues within the workplace. This is a key advisory role, providing much needed guidance on the identification and management of privacy risks.
Essentially, the DPO is a compliance officer and must have the freedom to act independently or in an independent manner. They can in no way be instructed on how to investigate a complaint or what result should be achieved. They can also not be instructed on whether to give notification of a breach or contact the supervisory authority. Many senior management teams may not agree with this but, under the GDPR, a DPO cannot be penalised or dismissed for performing their tasks.
The DPO reports to senior management and should at all times be accessible to and approachable by any employee involved in the life cycle of personal data. The appointment of a DPO is not just a tick-box exercise for senior management on the route to GDPR compliance.
This is a ‘buck stops here’ role; the DPO must report directly to the CEO or the most senior employees. It cannot become a middle management job.
Are you trying to establish if your organisation requires a DPO? Or have you been asked to be the DPO for your organisation and are not sure what this entails?