Are you required to appoint a Data Protection Officer (DPO) or do you have a Data Protection Coordinator or compliance team?  A Data Protection Officer and their team see to it that a company or organisation complies with the laws protecting individuals' personal data. The allocation and tasks of a DPO within an organisation are described in Articles 37(1), 38(2) and 39(3) of the EU General Data Protection Regulation (GDPR).

Being a Data Protection Officer or Coordinator can at times be a lonely role. People liken the role to that of an internal auditor within a business. Under the GDPR it is required of the DPO to report directly to the highest management level. Data Protection Officers must have direct access to give advice to senior managers who are decision-makers in personal data processing. The role of a DPO is considered so important that there are additional protections from being laid off. That speaks volumes to the value of a DPO. Data Protection Officers carry big responsibilities and at times do need professional support. I provide this support with expertise and compassion.

Subject Access Requests (SARs), also known as Data Subject Access Requests (DSARs), are simply written requests made by or on behalf of data subjects to determine whether processing is occurring of their personal data and to be given access to the personal data that is being processed by the business. These requests may cover additional information and there are other rights that a data subject may exercise under this process. Your business is likely to notice an increase in these types of requests now that the GDPR has simplified the process and removed barriers such as charging a fee to make the requests. Sets of rules around these requests and exercising of other rights can be quite complex to navigate through. All these requests should be channelled through your data protection officer and they should ultimately deal with them on behalf of your business.  I provide procedure development consulting, training and support for subject access requests.


Are you prepared for an incident or data breach within your business? Are your staff trained to detect incidences or data breaches? How soon after an incident would you become aware? You should have a carefully thought out, tested, evaluated and corrected incident management process in place. Your DPO should have informed this process at all stages. Reporting to the supervisory authority needs to be an overarching consideration when developing this process.  I provide procedure development consulting, training and support for data breaches and incident management.


Data Protection Impact Assessments and Legitimate Interest Assessments both require an element of legal reasoning and rights balancing. Your DPO might require assistance to perform these assessments or a second opinion on their logic and reasoning in the assessments. My years of expertise will guide your DPO toward clarity and give them confidence in their final assessments of the DPIAs and LIAs documented for your business.


Data Protection Officers make use of software packages that fall into the Governance, Risk and Compliance family. These software packages assist with GDPR risk management and compliance. Choosing the correct solution from the plethora available on the market can be a difficult task. I can advise on fully compliant and tailored solutions for your data protection and privacy program, from understanding the minefield to troubleshooting and implementing a tailored data protection software management framework.


Please click here to accept the relevant marketing cookie [NID] to view this embedded Google map. The NID cookie contains a unique ID Google uses to remember your preferences and other information, such as your preferred language (e.g. English), how many search results you wish to have shown per page (e.g. 10 or 20), and whether or not you wish to have Google's SafeSearch filter turned on. Or, alternatively, click this link to view ProPrivacy's office location on Google Maps.


Philipa Farley is an Association of Data Protection Officers Member ProPrivacy is a Cork Chamber Member ProPrivacy is a Mallow Chamber Member Philipa Jane Farley is a Grow Remote Mallow Chapter Member

ProPrivacy Consulting Limited (t/a ProPrivacy) CRO Reg: 628639 VAT: 3547299MH Registered Office: Bridgetown, Castletownroche, Co. Cork
© Copyright 2019 ProPrivacy Consulting Limited - All Rights Reserved