Does your data protection officer (DPO) know the rules?
Data protection and compliance have become quite complicated over the last few years.
There are four pieces of legislation affecting the area of data protection, and they are all governed by the ICO (Information Commissioner's Office):
- GDPR 2018 – General Data Protection Regulation
- PECR 2003 – Privacy in Electronic Communication Regulation
- UK Data Protection Act 2018
- UK Data Protection 2018 (Charges & Information Act)
This legislation is ever-changing and will continue to be so for the foreseeable future, which means that significant time and investment are required to ensure that businesses and organisations are covered competently. The Data Protection Officer has to have an in-depth knowledge of the main pieces of legislation and how they affect their individual organisation.
Interestingly, there are rules governing who can perform the role of Data Protection Officer for a business or organisation – not just anyone within a company is allowed to step in and execute the duties or associated tasks. The main criteria are as follows:
- The DPO must be independent;
- An expert in data protection;
- Adequately resourced;
- Report to the highest management level;
- The DPO should not be a controller of processing activities (for example, Head of HR);
- The DPO should have responsibility for managing his/her own budget;
- The DPO should not be an employee on a short or fixed term contract; and
- The DPO should not report to a direct superior (rather than top management).
All of the above will give you an indication of whether your organisation or business is adhering to the guidance set out by the ICO.
Some companies or enterprises follow a different path by outsourcing this critical function, either completely or as a third line of defence.
This is where perhaps The Document Warehouse International Compliance Office (TDWico) can step in and provide the necessary knowledge, experience and advice to ensure what we call complete compliance capability!
Just recently TDWico was selected as “Best in Class” for Outsourced Data Compliance in the UK by SME News 2020 Enterprise Awards – something we are understandably very proud of.
So, if you are unsure of the qualities/abilities required by your DPO or are thinking of outsourcing this vital area of your business, then perhaps TDWico can help you.