Do I need to appoint a DPO?

Talk of the GDPR is everywhere. Under the regulation, depending on the amount and type of data you process, you may be obliged to appoint a data protection officer. Yet, who do you have in mind? Are they already a full-fledged DPO, capable of managing and supporting the wider team with all data protection requirements, or is this a new role?

Before we delve into what it means to be a DPO, you may be asking yourself, "Does my organisation actually need a DPO?" Take a quick moment and answer our quick survey, which can help you determine if appointing a DPO would be beneficial under the GDPR and best practice for your organisation.

TIP: Take a screenshot of the results page and store this as part of your accountability record.

If the above survey suggests you should appoint a DPO, you must now consider who would be the best person to fit the role. Our recent blog on 'Where does the Data Protection Officer sit within the organisation' is good reading too and will help guide you on resourcing the best person for the job

Is the what, why and how are a little unclear?

If you are the chosen one, appointed to the (new) role of Data Protection Officer, it can feel a little daunting in terms of what you should be doing (in addition to your regular day job). You may be pleased to learn, we recently introduced a Data Protection Officer training course, designed especially for those new to the role of DPO.  

This two-day course, delivered through class-based learning at a central venue in St. Helier, Jersey is led by our dedicated GDPR Training trainer, Pete Sanders. 

What will I learn?

The course includes learning about the role of the DPO and risk management. As a DPO, it will be your responsibility to ensure your people are aware of data protection best practice and employ this in their day-to-day work. As such, you'll likely be responsible for delivering training courses on the subject (or at least liaising with your L&D or HR team to support this). Within the course, you will learn how to plan and conduct training courses for greatest effect.

The second day begins with a personal data audit, so you can learn how to identify what data, its type and where and how it is stored in your organisation. A great first step in measuring the value and importance of your data against the GDPR.

As a DPO you will also need to know and understand cybersecurity. The course, covers:

  • Technology and IT security
  • People and process security
  • Physical security

Aimed at: Anyone who wishes to understand or undertake the role of Data Protection Officer.

The General Data Protection Regulation comes into force on May 25, 2018. One of the new mandatory requirements is that all public authorities and many private businesses will need to appoint a Data Protection Officer.

The few businesses which are exempt will probably find it expedient to appoint DPOs as well. The penalties for breaching the GDPR can be very serious so many organisations will be incentivised to appoint and resource this role. To be compatible with the GDPR the DPO must fulfil certain criteria and have a well-defined set of skills.