Your company DPO
Under the GDPR, most businesses and organisations must have an appointed Data Protection Officer. Also known by its acronym, DPO, a Data Protection Officer bears the responsibility of supervising and implementing your company’s data protection policies and procedures.
Central point of contact
Your company’s Data Protection Officer will be the central contact person for the processing of data deletion requests. They’ll also manage and coordinate all queries, and provide strategic input into the way your company collects, stores, and processes personal data. There are certain types of businesses and organisations that are not compelled to appoint a DPO, but they are few and far between.
DPO job requirements
When appointing a company DPO, you will need to apply a list of guidelines for this role. It is possible for you to appoint a DPO within your company itself, but bear in mind the regulations listed in Article 37 of the GDPR. Your DPO does need to have expert knowledge of data protection law and practices. Moreover, your company’s DPO should hold the necessary expertise and knowledge for understanding and implementing your business’ data protection strategy. They will need to have a strong understanding of your business, and as a business owner, you’ll need to be fully transparent with them. Most importantly, when you appoint a DPO, make sure their current role doesn’t interfere with their requirement to monitor and implement your data protection policies and procedures. There can be no conflict of interest when it comes to their role and its responsibilities.
Outsourcing your DPO role
It is possible to outsource the role of your DPO, and appoint one through an external service provider or consultant. Before you palm off this role to the first consultant that pops up in a Google search result, however, bear this in mind: finding the right DPO for your company is not as simple as calling an organisation up, or asking for a consultation. Your data compliance and cybersecurity programme is an essential part of your business operations. The implementation of, and adherence to, it could effectively stimulate your business, or lead to become stymied. That’s why we recommend you don’t just hire the first company you come across: do your research, ask for referrals, and check out their qualifications and expertise. Best of all, ask your potential DPO for information on their work, or if they’d be willing to share anonymised case study information with you. Get a good understanding of who your potential DPO is, and only outsource this role to a company you can truly trust.
Your DPO information
As part of the GDPR, your company’s DPO information must be made public. This is not something you can hide in the back, or make inaccessible to the wider public. The easier you make it for people and companies to get in touch with your DPO, the better the process becomes for everyone.
Does my business need a DPO? Ask ProPrivacy to assist, and we’ll help you figure out your business’ way forward.
Philipa is the lead consultant and auditor at ProPrivacy. With clients as far afield as Canada, South Africa, Kenya, Germany, Spain and other such exotic locations, besides Cork and elsewhere in Ireland, Philipa enjoys a broad view of the state of data protection, privacy and cyber security worldwide. Philipa’s passion is manageable data compliance for SMEs.
Philipa is a qualified teacher besides holding a computer science (Bachelor of Science in Artificial Intelligence Programming) and electronic and intellectual property law (LLB) qualified. She is trained in constitutional (fundamental) rights litigation and enjoys a good debate.
Philipa has over twenty years of experience working in different sized organisations and sectors on operational, governance, risk management and compliance matters. She is an analytical and focused person that enjoys a challenge in the workplace. She loves technology, systems and people and has a passion for showing people how technology can make life easier and better. She understands that the world is driven by data today but privacy is paramount. Responsibly developed AI excites Philipa for the future.