Corporate responsibility for the Data Protection Officer role

28 March 2023

GDPR sets out the responsibilities of both the Data Protection Officer and the organisation which appoints the DPO.  The specific responsibilities of the organisation are:

  • To ensure that the DPO is involved in all issues which relate to the protection of personal data.  The regulator will look for evidence that the involvement is credible and timely.
  • To support the DPO in the role by ensuring that they have:
    • the resources necessary to carry out the tasks,
    • access to personal data and to data processing operations, and
    • access to resources to maintain their expert knowledge.
  • To preserve the independence of the DPO role by ensuring:
    • that the DPO does not receive instructions about how to fulfil the role, for example which tasks to carry out or when,
    • that there are no penalties on the DPO for performing the tasks required of them, and
    • that the DPO does not have any conflict of interest when carrying out the role.
  • To ensure that the DPO reports directly to the highest level of management in the organisation.

These are the obligations of the organisation which appoints a DPO.  It is a statutory role with specific responsibilities, not to be taken lightly.

What we can do to help

We can undertake the DPO role for your organisation, providing the experience and knowledge required to fulfil the role to a high standard and to establish the independence that the role requires.

Alternatively, we can support an in-house DPO in the role, providing advice on technical aspects of data protection and on issues that arise in practice.  The support role includes checks to ensure and demonstrate the independence and integrity of the role in your organisation.

Mandy P Webster
