
Data Protection Officer
What is it about?
The DPO, also sometimes known as the Senior Responsible Individual (SRI),
Only a minority of organisations are required to appoint DPOs under the Data Protection Act; nevertheless, it is common for organisations which take Data Protection seriously to make a voluntary appointment. The DPO role can be filled internally; however, external DPO/SRIs such as Exigia can plug knowledge and skills gaps and provide much-needed independent judgement.
How hard can it be?
- Data Protection is complicated and ever-changing
- Getting it wrong can lead to serious consequences such as loss of business and even heavy regulatory fines
- Legislation isn’t the only consideration; standards, technology changes and sector practices need to be taken into account
- Internal management are inevitably busy, focused elsewhere and cannot be expected to be as independent as an external advisor
How can we help?
We can really make a difference with:
- Audit and review of process and documents
- Briefing papers and reports
- Assessing new programmes
- Risk assessments
- Data Protection Impact Assessments (DPIAs)
- Legitimate Interest, Transfer Risk and other assessments
- Incident handling
- Acting as a point of contact with data subjects for access and data rights requests
- Dealing with the Information Commissioner’s Office