The throngs of daily visitors gazing in wonder at the Crown Jewels in the Tower of London might not realise it, but they too are under close scrutiny—more than 100 hidden CCTV cameras monitor their every move.
At the slightest hint of trouble, the people responsible for the security of the Crown Jewels will spring into action. That’s 22 members of the Tower Guard (on detachment from the British Army) as well as some of the 38 Yeoman Warders, all ex-military personnel.
Now, your organisation might not have priceless ceremonial objects or thousands of jewels to protect, but you do hold valuable personal information about tenants, employees and contractors, and this must be kept secure.
That’s why, under the EU’s General Data Protection Regulation (GDPR), if you are a public authority or if you carry out certain types of processing activities, you must appoint a Data Protection Officer (DPO).
Similarly, if your core activities require large-scale, regular and systematic monitoring of individuals (for example, online behaviour tracking) or your core activities consist of large-scale processing of special categories of data or data relating to criminal convictions and offences, you must appoint a DPO.
It’s a position with a wide range of duties. A DPO is expected to monitor the organisation’s GDPR compliance; inform, advise and train the organisation about data protection obligations; provide advice about Data Protection Impact Assessments (DPIAs); and act as the point of contact for data subjects and the supervisory authority (the Information Commissioner’s Office).
Your DPO needs to be independent and an expert in data protection, and must report to your organisation’s highest management level.
You can appoint someone within your organisation to the role or use the services of an external data processor provider.
A 2016 study estimated that at least 28,000 DPOs would need to be appointed across Europe.
Colin Sales, 3C Consultants’ Managing Director, explains in this video that even if your organisation doesn’t need to appoint a DPO, you must ensure that you have sufficient staff and skills to discharge your data protection obligations under the GDPR.
If you need help or would like to discuss any issue that this GDPR video series raises, please call us now on 0333 900 3003.
 ‘Study: At least 28,000 DPOs needed to meet GDPR requirements’, Heimes, Rita, Pfeifle, Sam, iapp, https://iapp.org, April 19, 2016