GDPR: Guidance released on appointing a Data Protection Officer
The EU’s General Data Protection Regulation (GDPR) is set to take effect within the UK from 25 May 2018. GDPR is aimed at unifying data protection across the EU Member States whilst increasing the data rights of individuals and placing more obligations on those who process data. The GDPR requires some businesses to appoint a data protection officer (DPO) in certain circumstances. The Information Commissioner’s Officer (ICO) and the Law Society have released guidance on appointing a DPO to help organisations with this process. Under the GDPR, employers will have to appoint a DPO where they:
- Are a public authority;
- Carry out large scale systematic monitoring of individuals (such as tracking of online behaviour); or
- Carry out large scale processing of special categories of data or data concerning criminal convictions and offences.
- Informing and advising the business and its employees about obligations under the GDPR and data protection laws;
- Monitoring compliance with the GDPR and data protection laws, including carrying out internal training, conducting audits and managing activities; and
- Being the notified person for individuals and regulatory authorities to contact first with regards to GDPR and data protection laws.