Your company DPO

Under the GDPR, most businesses and organisations must have an appointed Data Protection Officer. Also known by its acronym, DPO, a Data Protection Officer bears the responsibility of supervising and implementing your company’s data protection policies and procedures.

Central point of contact

Your company’s Data Protection Officer will be the central contact person for the processing of data deletion requests. They’ll also manage and coordinate all queries, and provide strategic input into the way your company collects, stores, and processes personal data. There are certain types of businesses and organisations that are not compelled to appoint a DPO, but they are few and far between.

DPO job requirements

When appointing a company DPO, you will need to apply a list of guidelines for this role. It is possible for you to appoint a DPO within your company itself, but bear in mind the regulations listed in Article 37 of the GDPR. Your DPO does need to have expert knowledge of data protection law and practices. Moreover, your company’s DPO should hold the necessary expertise and knowledge for understanding and implementing your business’ data protection strategy. They will need to have a strong understanding of your business, and as a business owner, you’ll need to be fully transparent with them. Most importantly, when you appoint a DPO, make sure their current role doesn’t interfere with their requirement to monitor and implement your data protection policies and procedures. There can be no conflict of interest when it comes to their role and its responsibilities.

Outsourcing your DPO role

It is possible to outsource the role of your DPO, and appoint one through an external service provider or consultant. Before you palm off this role to the first consultant that pops up in a Google search result, however, bear this in mind: finding the right DPO for your company is not as simple as calling an organisation up, or asking for a consultation. Your data compliance and cybersecurity programme is an essential part of your business operations. The implementation of, and adherence to, it could effectively stimulate your business, or lead to become stymied. That’s why we recommend you don’t just hire the first company you come across: do your research, ask for referrals, and check out their qualifications and expertise. Best of all, ask your potential DPO for information on their work, or if they’d be willing to share anonymised case study information with you. Get a good understanding of who your potential DPO is, and only outsource this role to a company you can truly trust.

Your DPO information

As part of the GDPR, your company’s DPO information must be made public. This is not something you can hide in the back, or make inaccessible to the wider public. The easier you make it for people and companies to get in touch with your DPO, the better the process becomes for everyone.

Does my business need a DPO? Ask ProPrivacy to assist, and we’ll help you figure out your business’ way forward.