What is the position and role of the DPO? #GDPR

The Data Protection Officer (DPO) is somebody who:

  1. Is appointed on the basis of professional qualities and knowledge of data protection law;
  2. May be a staff member or somebody external may be contracted to undertake the role;
  3. Has a role liaising with the supervisory authority, the Information Commissioner – the DPO’s details shall be published and communicated to the ICO

The data controller and the processor need to:

  1. Ensure the DPO is involved properly and in a timely manner on all issues which relate to the protection of personal data;
  2. Support the DPO with the resources necessary to carry out the role and access to processing operations and so the DPO can maintain his or her expert knowledge;
  3. Ensure the DPO has the necessary protection, freedom and protection to carry out the role without fear or favour;
  4. Ensure the DPO reports to the highest management level;
  5. Provide that data subjects may contact the DPO relating to issues on processing their personal data ad their rights under GDPR;
  6. Centrally bind the DPO to confidentiality; and,
  7. Allow the DPO to carry out other duties and tasks (as appropriate) where there is no conflict of interest.

 The DPO must have at least the following tasks:

  1. Inform and advise the controller or the processor and the employees who carry out processing obligations under the GDPR or other data protection provisions;
  2. Monitor compliance with the GDPR, considering data controller’s policies, assignment of responsibilities, awareness-raising and training of staff involved in processing and related audits;
  3. Provide advice where requested on the data protection impact assessment and monitor its performance;
  4. Cooperate with, and act as a contact point for, the supervisory authority, the Information Commissioners Office;
  5. Have due regard to the risks associated with processing operations in the performance of his role, taking into account the nature, scope, context and purposes of processing.

View our GDPR page for more information