Understand how to measure and demonstrate compliance

Do you need a DPO?

The GDPR requires you to have a data protection officer in specific cases:

1. if you are a public authority or body and process personal data, in the UK this has been extended to include pharmacies, dentists, opticians and other NHS care service providers.
2. where your core activities consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale; or
3. where your core activities consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences.

Even if it is not mandatory, data protection regulators encourage organisations to appoint a DPO on a voluntary basis. By appointing a DPO, this can help you to demonstrate compliance with the regulation

There is a requirement for the DPO to perform their duties and tasks in an independent manner and cannot have a position in your organisation that determines the purpose and means of processing personal data.

Learn Essential Skills and the role of the Data Protection Officer

What does a DPO do?

The responsibility of compliance with data protection remains with you (as the controller or the processor). The DPO is responsible for monitoring the compliance by collecting information, analyse and check the compliance of your processing activities, and also to inform, advise and issue recommendations to you.

The DPO has a special role when it comes to introduction of new processing activities or changes and whether or not a Data Protection Impact Analysis (DPIA) should be carried out. The DPO is also responsible for giving advice on a number of issues relating to DPIA.

The regulation requires the DPO to take a risk based approach to your data processing activities, and be able prioritise accordingly.

Record Keeping

It is not uncommon for a DPO to be assigned the task of maintaining the records of the processing activities under your responsibility. These records form an important part of the tools required for the DPO to perform its tasks of monitoring compliance, informing and advising you.

Learn to use some of the tools to help your business

Tools to help

We have developed tools and mechanisms to assist DPO's in their work:

• Gap Analysis tools to establish compliance to the regulations
• Training tools to perform Data Protection impact Assessments
• Tools and reports to ensure effective communication and monitoring of compliance status.

Privacy Policies

We can work with your DPO to ensure that your privacy communications are relevant, in line with requirements and clear. Helping with training and the production of your customer and client facing privacy policies.

Checklists

We have produced some valuable checklist to ensure that you pick up on all the important and compulsory elements of your data protection, including tasks and responsibilities of your contracted third party data processors.

Be able to pass on the knowledge and assist with training your team

Staff Training

A key function of the DPO role is to ensure that staff are well prepared to fulfill their responsibilities under the data protection regulations.

We can assist your DPO with training material and guidance for your team .

It's going to be very important to make sure that your data protection technical and policy measures are in place and also that your staff are not going to be the weakest link

Essential Data Protection Policies

We can help your DPO to produce the company policies that are needed as part of your obligation to demonstrate compliance. This includes staff training to ensure that your working practices reflect your data protection security intentions.

Marketing

We help you to understand the elements of your marketing that relate to not only the GDPR and UK data protection act but also other regulations that your business is required to conform to.