GDPR – do I need to appoint a Data Protection Officer?
The GDPR is the new General Data Protection Regulation. It comes into law on 25th May 2018, affects everyone in the EU, and isn’t changed by Brexit.
If you run a business of any kind, anywhere in the world, and you deal with EU citizens’ personal data, you can be certain the new rules apply to you.
A Data Protection Officer (DPO) is an extension of the data protection authority, tasked with making sure personal data processes, activities and systems conform to the law.
The decision to appoint a DPO is not about size or annual turnover.
Plenty of companies with fewer than ten employees still manage to process vast amounts of personal data. This means they do come under the new law, even though they’re small businesses.
The GDPR doesn’t look at the number of employees, but at what they do with the personal information they collect, keep and process.
A DPO is mandatory for some types of organisations, including public authorities. The same goes if your business carries out ‘regular and systematic’ large scale data monitoring, or processes large amounts of data under various data categories. For example, market researchers, credit reference agencies and companies that carry out online behaviour tracking.
In short, if you depend on processing personal data, you’ll have to appoint a DPO.
The more complex your system is, the more you might have to do to make sure it supports every aspect of business-wide compliance. Your first step is to start thinking about GDPR now, to give your company the time needed to get ready. Unless you are 100% confident you can handle it in-house, your second step is to find someone you can trust to give your IT an overhaul.
If you’d like more information about GDPR, click here.
How we can help you with GDPR
You are responsible for your own business’ compliance. However, we can guide you on your journey to IT compliance, making sure your systems are in line with the new requirements.
If you need an expert IT partner to see you through the process before the new rules kick in next May, give us a call on 01235 426700 or email email@example.com to discuss the details.
We’ll be regularly updating our GDPR resource centre with the latest news, tips, videos and coverage from our GDPR ThinkTank sessions on Milton Park.