Now that the GDPR legislation and UK Data Protection Act of 2018 have come into force, there are new requirements that businesses must follow. One such requirement is the employment of a DPO (Data Protection Officer) within organisations. Under the GDPR you must have a DPO if you fall into any of these categories:
- You are a public authority
- Your core activities include the carrying out of regular and systematic monitoring of data subjects on a large scale
- Your core activities include the carrying out of large-scale processing of special categories of data or data relating to criminal convictions
Even if you don’t meet these criteria, it may still be helpful to have someone who takes the lead on ensuring your organisation complies with data protection requirements, so that you can be confident that personal information is being handled appropriately and that all staff understand their responsibilities in this area.
Your DPO is there to ensure that your organisation remains accountable in its management of personal data. The qualities that a DPO will need to assist your company are a high-level knowledge of data protection and privacy law and an understanding of how to apply this through appropriate technical and organisational controls. This will allow them to offer advice and support on any and all aspects of processing data within your organisation. It is paramount that the DPO is able to act independently and without conflict. Expert external support can and will assist your DPO in maintaining your business’s compliance with the GDPR.
How can Evolve North help?
At Evolve North our experienced team of privacy and IT Security professionals offer a range of DPO support packages that can be tailored to assist your company. We can support your DPO in the following areas:
- Reviewing your current practices to identify where further work may be needed to ensure compliance with data protection law
- Providing ongoing audit and review of data protection and IT Security practices to ensure your organisation can evidence ongoing compliance with relevant data protection requirements
- Providing ad hoc support for specific areas such as:
  - Dealing with subject access and other data subject requests
  - Dealing with a data breach or a cyber security incident
  - Development of relevant policy and procedure for staff
  - Understanding your information assets and risks to these assets
- Answering ad-hoc queries by email or telephone when required
If you would like more information on how Evolve North can help in supporting your DPO function, please contact us.