Everyone is responsible for keeping personal data confidential. However, the Data Protection Officer (DPO) is a legally recognised position intended to support and oversee an organisation’s accountability for data protection compliance.
Articles 37 to 39 of the General Data Protection Regulation (GDPR) gives details on the DPO and their responsibilities which include informing and advising the business, monitoring compliance with data protection law, providing advice on the completion and management of data protection impact assessments, as well as liaison with supervisory authorities and acting as the contact point within the business.
The DPO should be independent, in so much as they must not receive instruction regarding the exercise of their tasks. In effect there can be no conflict of interest.
It is therefore important that a DPO is assigned who can provide the independent oversight and demonstrate knowledge and skills which will support your organisation’s ability to manage personal data lawfully and ethically.
Many organisations choose to outsource their DPO function to someone who can provide a good level of support, but without the expense of being involved all the time, saving cost and ensuring that the independence of the DPO is never in doubt. Groups of organisations may decide to engage a DPO, where necessary, who supports the group of companies on an agreed basis.
The Information Edge supports all types of business in their data protection programmes. We can provide a number of hours, agreed per month, with specific deliverables or provide data protection advice to those organisations who do not legally need a DPO but that wish to ensure they comply with data protection requirements within the scope of what they do. The Information Edge can work with you as much or a little as you require and tailor the services to suit your needs and budget.
Contact us to find out how we can give your business “the information edge”.