We support organisations to ascertain if they need to appoint a designated Data Protection Officer (DDPO). It is an offence not to appoint a DDPO if one is required.
In certain circumstances a DPO must be appointed :
- If the processing is carried out by a public authority or body;
- If the ‘core activities’ require regular and systematic monitoring of individuals on a large scale
- If the core activities consist of processing on a large scale of ‘special categories of data’ or personal data relating to criminal convictions and offences.
However, there may be serious HR implications of appointing a DPO
- “The controller and processor shall ensure that the data protection officer does not receive any instructions regarding the exercise of those tasks” Article 38 (3) – Cannot direct
- “[The DPO] shall not be dismissed or penalised … for performing his tasks” Article 38 (3) – Cannot fire!
- “Tasks and duties do not result in a conflict of interests” Article 38 (6)- Not the CEO, IT or HR manager
- The DDPO must be independent and have expert knowledge in the area of Data Protection.
Outsource to our team of expert and qualified Data Protection Officers, who will provide the proactive service your organisation needs, to ensure compliance with the GDPR and Data Protection Acts.