The role of a DPO
The Irish Data Protection Commission sets out a clear description of a Data Protection Officer…
‘The Data Protection Officer (DPO) role is an important GDPR innovation and a cornerstone of the GDPR’s accountability-based compliance framework. In addition to supporting an organisation’s compliance with the GDPR, DPOs will have an essential role in acting as intermediaries between relevant stakeholders (e.g. supervisory authorities, data subjects, and business units within an organisation).
The DPO will have professional standing, independence, expert knowledge of data protection and, to quote the GDPR, be ‘involved properly and in a timely manner’ in all issues relating to the protection of personal data.
The DPC recommends that all organisations who will be required by the GDPR to appoint a DPO should do this as soon as possible and well in advance of May 2018. With the authority to carry out their critical function, the Data Protection Officer will be of pivotal importance to an organisation’s preparations for the GDPR and meeting the accountability obligations.
A DPO may be a member of staff at the appropriate level with the appropriate training, an external DPO, or one shared by a group of organisations, which are all options provided for in the GDPR.
It is important to note that DPOs are not personally responsible where an organisation does not comply with the GDPR. The GDPR makes it clear that it is the controller or the processor who is required to ensure and to be able to demonstrate that the processing is in accordance with the GDPR. Data protection compliance is ultimately the responsibility of the controller or the processor.’
It is definitely time now to examine whether your business or organisation requires a DPO.