Although the term ‘Data Protection Officer’ is not particularly new, the role has truly stepped out of the shadows since the European Union General Data Protection Regulation (GDPR) was adopted by all 28 member states. No surprise, as according to a study done by the IAPP, Europe will need at least 28,000 DPO’s by May 2018. Do you need to recruit a Data Protection Officer into your business? Here’s five reasons you might.
1. It might be required by law
Under the GDPR-regulation, many companies will be required to appoint a DPO. There are three criteria for deciding if you might be required to appoint a DPO:
- Your organisation is a public authority or a public body.
- The core activities of your organisation consist of regularly and systematically monitoring data subjects on a large scale.
- The core activities of your organisation consist of the processing of large amounts of sensitive data or data related to criminal convictions or offenses.
Make sure to also check the country your company is registered in. In some countries (like Germany) the appointment of a DPO is required even if you don’t meet the standards mentioned above. If you suspect you might be required to appoint a DPO by law, make sure you look into your country’s privacy related legisalation and the GDPR regulations. Even if you are not legally required to appoint a DPO, there are still good reasons to do so. We’ve listed a few here.
2. Paving the road to compliance
GDPR compliance is currently an important goal for many companies. No surprise, since businesses have until May 25th 2018 to become compliant and failing to do so will incur hefty fines. A dedicated DPO can help your company become GDPR compliant by guiding the departments in your business towards a new approach to privacy regulation. Furthermore, a DPO is also an important ingredient in growing a ‘privacy by design’ mindset in your business.
3. Independent advice is the best advice
Whether your DPO is necessary by law or not, the GDPR guidelines require your DPO to be an independent entity within your business. Even if you appoint one of your current employees as a DPO instead of bringing in new talent, your Data Protection Officer should be an independent voice working on behalf of your data subjects. An objective, independent source of advice is always a valuable information provider and will ensure the interests of your data subjects won’t be threatened by the interests of your company.
4. Privacy is hot!
With concerns over privacy and responsible data management growing, being a responsible data processor is becoming an attractive quality. As Debbie Evans, Global Legal and Commercial Director at Clearswift puts it: “Good information security and privacy can be used as a differentiator and help build reputation and grow a business.” Appointing a DPO as the ‘face of privacy’ in your company communicates your company’s dedication to responsible data ownership to stakeholders and can help mitigate customer’s growing concerns over the treatment of their personal information.
5. Mastering the tools of the trade
The final reason to appoint a DPO is to make sure that your company is equipped with not only the tools to become compliant, but also with an expert to wield them. Solutions such as our own ‘Data Stream Manager’ truly shine in the hands of a competent DPO. A dedicated DPO can quickly become a professional with the tools of the trade and use them to efficiently respond to changing environments and new challenges.