Home > Reading Room > GDPR’s new data protection officer

GDPR’s new data protection officer

Written by Samuel O'Toole on 11 May 2018

« Return to Reading Room

The General Data Protection Regulations (GDPR) ((EU) 2016/679) is hot news right about now, for those living under a stone GDPR is a EU law that revolves around data protection and privacy - it will change the way in which organisations protect all EU citizens privacy, it will therefore re-shape data privacy across the EU.

GDPR will make it compulsory to have a data protection officer (DPO) in three circumstances:

  1. If you are a public authority;
  2. If your main activity requires that regular and systematic monitoring of data subjects on a large scale; and
  3. If your main activity consists of processing special category data on a large scale and data with regards to criminal offences.

The DPO will play a key part in implementing data protection into the organisation concerned. Guidance has suggested that the DPO will ensure that the principles of data protection, that the GDPR will focus upon, are implemented. The DPO’s job will therefore revolve around the preservation of data subject rights, recording data processing activities and ensuring the security of data processing.

The DPO will have his or her work cut out! However, because the DPO will play such a pivotal roll in the implementation of the GDPR and as the name suggests the safeguarding of personal data, the structure of the organisation concerned must ensure that the DPO is afforded independence.

Article 38(3) of the GDPR states that the DPO must not receive instructions when carrying out their tasks – sounds like a perfect job!

It gets even better; the GDPR provides that a DPO must not be dismissed or penalised with regards to the performance of their role as a DPO.

Whilst the DPO is permitted to carry on other tasks in the organisation, the DPO must ensure that these other tasks do not give rise to a conflict of interest with regards to the DPO’s ability to remain independent.

If you are unsure as to whether your organisation needs a DPO or if you have been appointed to become a DPO and are unsure about your roll, get in contact with Lawdit’s DPO Michael Coyle.

If you'd like to know more about this article please send an email to Michael Coyle quoting the article title and any questions you might have, alternatively call the office number on 02380 235 979 or send an enquiry through our contact form.

Want to speak
to someone?

Complete the form below and we’ll call you back free of charge.

Visual Captcha