The General Data Protection Regulation (GDPR) legal framework requires specific organisations to have accountability in place for their data protection, including the appointment of a data protection officer (DPO). While there has been some uncertainty around whether this applies to SMEs, due in part to earlier drafts of the GDPR, this uncertainty has been quashed by the Information Commissioner's Office (ICO).
Peter Brown, Senior Technology Officer
“I’ve heard plenty of people talking about there being a DPO exemption for SMEs – this is absolutely not the case.”
A DPO is a personal data security leadership role that has come about as a result of the General Data Protection Regulation. The Data Protection Officer plays a fundamental role, ensuring that an organisation has a robust, legal data protection policy that is adhered to and enforced. Organisations are encouraged to appoint a DPO to cover data protection strategy and implementation and to ensure compliance with GDPR requirements.
In many cases, the day-to-day requirements of a DPO do not justify a full-time position. This, alongside the cost associated with employing an internal DPO, has resulted in many companies looking elsewhere to ensure they are compliant with the new legal framework. One area of our business in which we are seeing significant growth is our Virtual Data Protection Officer service.
Our Virtual Data Protection Officers (vDPOs) are highly skilled specialists in data privacy and GDPR compliance and offer a robust and versatile solution for businesses to manage their data correctly. While the term vDPO has become commonplace since the introduction of the GDPR, few people realise that the need for a DPO has been a legislative requirement for more than 20 years.
:: Demonstrate accountability and GDPR Compliance within your organisation.
:: Establish ourselves as a trusted advisor providing strategic governance and compliance support.
:: Liaise with the ICO on your behalf.
:: Monitor your outsourced and third-party data providers to ensure they meet the requirements of your data and compliance policies.
:: Raise awareness, support and train employees around data protection and its importance.
As well as ensuring you are compliant with the GDPR and privacy policies, a robust data policy will demonstrate a commitment to your clients' data and give clients an increased level of confidence when you work with their potentially sensitive information.
The DPO is a high-profile and highly accountable role requiring expertise in national and European data protection laws and practices and an in-depth understanding of the GDPR. The GDPR does not require every controller or processor to appoint a DPO, but you should assume that you will need a DPO – unless you can demonstrate that you don't.
It will be important to appoint the best fit for your organisation – taking into account its size and the sector you are in. As such, you will need to decide if appointing a full-time DPO is the best way to ensure your organisation complies with GDPR – if the scale of the role and costs make a dedicated DPO unrealistic, it is time to consider a virtual data protection officer and give your organisation complete compliance, accountability and expertise for a fraction of the cost.
At CaPS we firmly believe that complying with data privacy laws is not a target but a continuous journey that needs to be baked into the daily operation of your business. Working with an external provider negates any conflict of interest and provides expert, objective and independent advice and guidance, giving you access to a wide set of skills obtained through working in both the private and public sectors.
If you are considering a vDPO we would welcome a conversation to explore where CaPS can help. Please Contact Us or call 01293-279-770.