What is a Data Protection Officer?

A Data Protection Officer (DPO) is a specialised leadership role, dedicated to data privacy and security. Under the GDPR, the role will be mandatory for many organisations. Common responsibilities of the DPO include:

• The design and implementation of a data protection strategy.
• Keeping their organisation informed of what is required by law from the data regulations (GDPR) as well as monitoring to make sure they comply with these requirements.
• Being the primary contact for the Data Protection Authority and for any individuals they are processing data on.

When would a Data Protection Officer be needed under GDPR?

The below are required by GDPR to appoint a DPO although any organisation may appoint one if they feel it is necessary. Also, depending on their size, a single Data Protection Officer can be appointed to act on behalf of a group of organisations. Those that will have to appoint a DPO:

• Public Authorities
• Organisations who monitor individuals (online tracking for example) on a large scale.
• Organisations who process special kinds of data or data relating to criminal convictions.

Why will Data Protection Officers be important going forward?

The DPOs will provide a central, high-level focal point for data strategies in the future. This is important as GDPR regulations affect the whole of an organisation, therefore a mistake from any employee could land the whole organisation in breach of a rule and liable to fines. It will, therefore, be integral for DPOs to acquire buy-in from the highest levels when implementing processes, people and technology to ensure personal data is always being handled in the individual's best interest.