Company data protection officer
If your business requires someone to fulfil its obligation in terms of data compliance/protection but decides not to outsource this role to a professional outside organisation, then there are very clear directives as to what your internal Data Protection Officer (DPO) is responsible for in this important area.
I have broken down the key aspects of the role as follows, but the shortlist below is not comprehensive and there is a huge amount to cover:
- Ensure your business is registered with the Information Commissioner’s Officer (ICO) Data Register
Nearly all businesses, companies and organisations will be sharing or using data and should be registered. Depending on the size of the business and amount of employees will determine which tier they reside – there are three tier levels.
- An excellent understanding of the main guidance and regulations pertaining to data protection and compliance?
The full list is below and as you can see, it is quite lengthy!
The Data Protection Act 2018 Data Protection, Charges and Notification Act 2018, General Data Protection Regulation (GDPR), Privacy in Electronic Communications Regulation 2003 (PECR), ePrivacy Regulation (ePR), Due to take effect in 2019 - UK Information Commissioners Office (ICO) Guidance International Standards Organisation ISO/IEC Standards Learnings from Enforcement Actions, Payment Card Industry Data Security Standards (PCI DSS) and The European Data Protection Board (EDPB) Guidance.
- To be able to confirm that all data is being safeguarded and properly protected
Whether this is physical data on paper documents or the online versions, it is the duty of the Data Protection Officer (DPO) to guarantee the security of all data for their organisation.
- Demonstrate compliance and be ready to defend your company if there has been a breach
The Data Protection Officer (DPO) must be able to follow the correct procedures if there has been a security breach within their business – these can be quite complex and time consuming
- Certify that all policies, processes, procedures and notices are in place and are compliant
A big task and made harder because they need to continually be updated. If the ICO perform an audit of the organisation is this area and find gaps and time lags then this could potentially cause major issues as some of the fines and restrictions can be severe.
As I explained earlier, these are some of the key duties, but there are many more for the Data Protection Officer (DPO) to fulfil. For some organisations the time and cost of employing an independent and knowledgeable DPO is prohibitive and it makes more sense to outsource this function. This way they do not have to pay a full salary and they can reap the benefit of committing to a much smaller monthly payment which guarantees they are covered in this vital area.
The Document Warehouse (TDW) have been called on many times to become a company’s Data Protection Officer (DPO), fulfilling all relevant duties and ensuring that the organisation complies with all necessary legislation that essentially puts all the ticks in all the boxes – this means that the company can focus on other essential tasks and leave the compliance angle to us. If you need help or advice in this area of your business then please feel free to call us.