Responsibility for data protection is everyone’s. However, the Data Protection Officer (DPO) is a legally recognised position intended to support and oversee a businesses accountability for data protection compliance.
Articles 37 to 39 of the GDPR gives details on the DPO and their responsibilities which include informing and advising the business, monitor compliance with data protection law, provide advice in the completion and management of data protection impact assessments as well as liaise with supervisory authorities and act as the contact point within the business.
The DPO should be independent, in so much as they must not receive instruction regarding the exercise of their tasks. In effect there can be no conflict of interest.
It is therefore important that a DPO is assigned who can provide the independent oversight and demonstrate knowledge and skills which will support the organisations ability to manage personal data lawfully and ethically.
Many organisations choose to outsource their DPO function to someone who can provide a good level of support, but without the expense of being involved all the time, saving cost and ensuring that the independence of the DPO is never in doubt.
The Information Edge supports all types of business in their data protection programmes. Providing a number of hours, as agreed, per month with specific deliverables at key times, The Information Edge can work with you as much or a little as you require.
Contact us to find out how we can give your business “the information edge”.