Data Protection Officer Survey Results
One of the most significant impacts of GDPR was that many organisations were required to appoint a Data Protection Officer, and many more chose to do so even though they didn’t fall under the mandatory requirement. This has led to a proliferation in DPOs.
Furthermore, GDPR specifies how a DPO should be positioned within an organisation, the requirement for them to have expert knowledge in data protection law and practices, as well as setting out the tasks a DPO should fulfil.
We conducted a survey to gain a better understand of DPOs’ experience and how data protection is being embedded within their organsations, post GDPR enforcement on 25th May last year. 120 DPOs took part, the majority of whom worked for UK organisations.
The results reveal a significant proportion of DPOs do not feel their have adequate resources to fulfil their role and nearly a quarter strongly agree they feel under significant commercial pressures. The results also highlight the issues organisations face surrounding data retention, Article 30 records and when a personal data breach should be reported.
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.