With the constant discussion currently around the impending General Data Protection Regulation (GDPR), the role of a data protection officer (DPO) or data compliance officer (DCO) has never been so much in the public eye. With just over six months until implementation of GDPR, organisations need to start assessing their possible requirement for a DPO. In fact, it is predicted that 28,000 additional DPOs will be required by organisations to achieve GDPR compliance by 25 May 2018.
A DPO is a significant position within an organisation, responsible for overseeing data protection strategy and implementation to ensure compliance with the new GDPR requirements by 25 May 2018.
A DPO will be a requirement for organisations under GDPR if they process or store large amounts of personal data, whether for employees, individuals external to the organisation, or both. DPOs must be appointed where the core activities of the controller or processor involve regular and systematic monitoring of data subjects on a large scale, or where the entity conducts large scale processing of special categories of personal data.
Some of the responsibilities of a DPO include educating the organisation and its employees on important compliance requirements, training staff involved in data processing, and conducting regular security audits. DPOs also serve as the point of contact between the organisation and any supervisory authorities that oversee activities related to data.
If your organisation falls outside of the scope to have a mandatory DPO, there is still a requirement under the new regulation for you to have a data compliance officer. A DCO is best defined as an individual designated with the role of ensuring compliance with any regulatory requirements and is known to be the point of contact across the organisation who will be expected to handle any events that materialise in respect of data protection.
Although a less significant role within an organisation, a DCO is still expected to fulfil the majority of the responsibilities of a DPO. One of the requirements of a data compliance officer is to keep an internal record log of data protection issues and conversations that have been held within the organisation within the period being recorded.
How we can help
Moore Stephens offers an outsourced service to ensure your organisation meets the DPO or DCO requirements under GDPR. Some of the services we provide include a privacy risk assessment, a full compliance monitoring plan as well as acting as a helpdesk internally for your organisation.
For more details, please contact Chris Beveridge, Global Head of Privacy at Moore Stephens.