Certain organisations from May 2018 are now required to appoint a Data Protection Officer (DPO) or have access to a service that provides this function.
As a role/service this is a new profession which will continue to develop over the coming months and years.
Where we provide this service (and because this is a developing profession), we incorporate a practical approach to ensure that staff are correctly supported BUT there is always a high degree of objectivity. The DPO is legally required to make decisions that comply with data protection legislation and that may at times mean they provide a decision or answer that an organisation may not “like”.
Our primary function is to:
Ensure that an organisation meets its data protection obligations
Review data sharing activities
Undertake and review Data Protection Impact Assessments (DPIA)
Act as the first point of contact for the Information Commissioner
Act as the first point of contact for data subjects