What does a DPO do? Does your organisation need one? What skills and qualifications should a DPO have? Who should they report to?
This report aims to answer these questions, and provides an insight into how DPOs comply with the GDPR, which came into force on 25th May 2018.
The main role of a DPO
A DPO should be an organisation’s privacy and consumer champion. They should take ownership of compliance and promote it, having a public-facing function representing the interests of Data Subjects (customers, subscribers, donors etc).
A DPO’s job is to identify and mitigate data protection risks, ensuring organisations are compliant with relevant regulation. They also act as the main point of contact with the regulatory data protection authority.
The role involves promoting privacy awareness at the most senior level, as well as ensuring all staff are trained and know their data protection responsibilities and obligations. For example, do staff know what a data breach is, how to prevent a breach and what to do when one happens?
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.