
Do you need a DPO to Be GDPR Compliant?

Posted by Jeff Pelliccio on Nov 15, 2017 9:00:00 AM

In ICS insights

Filling the role of the Data Protection Officer (DPO) is a crucial aspect of the implementation of the General Data Protection Regulation (GDPR or the Regulation), which was developed to provide consistent and intensive protection for consumers' private information.  

While there is still time for your organization to fill this enterprise security leadership role before the GDPR enforcement deadline of May 25, 2018, it may help to learn more about the position and its importance before starting your DPO talent search.

What Is a DPO?  

A DPO's primary responsibility is to develop and enact strategies that ensure data protection compliance, per the GDPR's requirements. The DPO acts as an independent steward, responsible for the proper care and use of customers' confidential information. A company hires a DPO to ensure security for the customer, not necessarily for the company's own benefit.

What Are the Responsibilities of a DPO?  

According to the EU Data Protection Regulation website, the DPO is expected to work independently and without direction. Their job is to follow the Regulation to the letter, without seeking workarounds or loopholes out of convenience or for any other reason.

Following are some of the primary responsibilities of the DPO:  

  • Serves as the liaison with the supervisory authorities that oversee activities related to organizational data.

  • Educates management and employees on key aspects of the Regulation and what is expected of them to ensure compliance.  

  • Provides specialized training for employees who work in data processing. 

  • Conducts regular audits to verify compliance and to catch potential issues so they can be corrected before they turn into problems.

  • Maintains comprehensive records of all data processing activities for the company.  

What Traits, Capabilities, and Professional Background Does a DPO Need to Have?  

Traits, capabilities, and the professional background the GDPR recommends for DPO professionals include:  

  • A strong and data-focused IT professional background.  

  • An ability to work cooperatively with the IT department to develop policies and procedures related to all facets of data handling, including outsourcing, information security, BYOD and general monitoring of data practices. 

  • Clear, concise and confident communication skills.  

  • Thorough knowledge of the Regulation and the ability to quickly and easily share that information with executives, management, staff and anyone else with questions. 

  • Ability to develop and implement concrete data protection practices. 

  • Familiarity with change management strategy in order to make corrections and adaptations, when necessary, to ensure GDPR compliance. 

  • Comfort consulting with legal and compliance staff, as well as accounting and finance team members who understand the financial needs associated with GDPR, while remaining the ultimate decision-maker when it comes to ensuring compliance.

Does Your Company Need a DPO for GDPR Compliance?  

Article 37(1) of the GDPR states that any organization that regularly processes or stores large amounts of confidential consumer data must appoint a DPO.

If you are unsure whether or not you need to hire a DPO for your organization, consult the following criteria, handed down by the EU:  

  • Your company carries out the relevant data processing and is a public authority or body, which may include schools, government agencies, and emergency and public safety providers.

  • A core activity of your organization involves large-scale monitoring of consumer data.  

  • Your business has access to highly sensitive personal customer data, such as data concerning criminal convictions.  

A Knowledgeable Staffing Agency Can Help You Find the Right DPO  

Once you have determined that you need a DPO for GDPR compliance, you may wonder how to go about finding the best candidate for this vital role.

Your selection process may depend on several variables. Large companies may need to build a department that supports the DPO to avoid overloading one dedicated professional. Smaller organizations, however, may need to ask their chief information security officer to add DPO responsibilities to an already full plate. Some highly skilled DPOs monitor several different companies for GDPR compliance as outside consultants.

At ICS, we can help you assess your needs, according to the mandates of the Regulation, before going on to help you find experienced and talented candidates who will fit into your company culture and ensure GDPR compliance. 
