Appointing a Data Protection Officer (DPO) is one of the new requirements under the GDPR that applies to certain organisations due to their use of personal data. Not all organisations are required to appoint a DPO but some may wish to appoint a DPO even if not required to do so under the GDPR. A DPO needs to be sufficiently independent, have expert knowledge of data protection law and be able to report to an organisation’s senior management.
Bates Wells is here to help you:
- Assess whether your organisation is required to appoint a DPO under the GDPR; and/ or
- If you are required to appoint a DPO or wish to do so in any event, to provide external support with the DPO role.
Our team can act as an external, outsourced DPO service providing you with the expertise and experience required for a DPO. This includes:
- Discussions with senior management or core departments within your organisation about projects involving use of personal data and advising on the implications under the GDPR
- Liaising with individuals making requests under the GDPR or any enquiries from data protection authorities
- Monitoring compliance with the GDPR and with your data protection policies
- Carrying out and reviewing Data Protection Impact Assessments
- Supporting you with any data security breach incidents and any breach reporting to individuals or data protection authorities
- Providing GDPR training and awareness-raising to your personnel
- Carrying out GDPR compliance audits/ health checks
- Reporting to senior management on an annual (or more regular) basis concerning the organisation’s compliance with GDPR
If you’d like to discuss your requirement to appoint a DPO or discuss the external, outsourced DPO service Bates Wells can offer, please contact Victoria Hordern on [email protected].