Data Protection Officer Outsourcing

Data Protection Officer Outsourcing

GDPR introduced a new governance structure in the form of the data protection officer (DPO). The role of the Data Protection Officer is clearly set out and “is a combination of advisor, educator and point of contact for both the supervisory authority (SA) and data subjects”. (Kelleher and Murray, EU Data Protection Law, 2018 at p.246) The DPO’s function is one of seniority and total independence within the overall operation of the data controller. It represents a robust means of internal regulation with compliance as the ultimate goal.

It is not mandatory for every organisation to appoint a DPO but the controller and the processor shall designate a DPO in any case where:

(a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;

(b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale ; or

(c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Art. 9, and personal data relating to criminal convictions and offences referred to in Art. 10.

“A DPO may be a member of staff at the appropriate level with the appropriate training, an external DPO, or one shared by a group of organisations, which are all options provided for in the GDPR”. (Office of DPC, Guidance Notes on DPO)

Many smaller organisations  will struggle to find an appropriately trained person to fulfil the role of DPO. Employing one full- time may put pressure on resources. A decision to employ a part-time DPO may have been taken without a full  awareness of the extent and scope  of the responsibilities that the role demands. Where the DPO acts in another capacity, there is a danger that the effectiveness of the DPO’s role can be undermined and compromised.

GDPR foresaw these possibilities and Art. 37 (6) allows for the DPO to “be a staff member of the controller or processor, or fulfil the task on the basis of a service contract”.

Contact Us Now

This is where the expertise of GDPRXpert is most effective and beneficial. We will carry out the roles, functions and duties of the Data Protection Officer in an independent and objective manner. Our knowledge and experience will immediately  augment  your organisation’s compliance level , by facilitating accountability and transparency.  GDPRXpert provide a high quality external  Data Protection Officer  service. It is cost effective and  allows a more measured allocation of resources . At the same time, it delivers and  executes  a  practical and  structured  compliance solution for the smaller business or organisation.

Remember! We are the experts. You don’t need to be  an expert. You just need to be compliant. Our data protection officer service will get you there safely.

Latest News