Meeting your UK-GDPR Article 37 requirements with a dedicated Data Protection Officer
You are required to be supported by a DPO:
- If you are a public authority (NHS, Local Authority, GP Practice / Federation)
- If you process 'Special Category' Data as a core activity
- If you process criminal convictions
- If you monitor data subjects regularly and systematically
If your organisation falls into any of the above categories and does not designate a DPO, it is breaking the law and could be fined by the ICO.
The DPO should educate the organisation on important compliance requirements, monitor GDPR compliance, and serve as a point of contact between the organisation and its supervisory authority – in the case of the UK, the Information Commissioner’s Office (ICO). They are also required to report to the highest management level (i.e. board level), who should provide them with adequate resources to fulfil their obligations.
The DPO advises the business on how to use the personal data it holds effectively and fairly, assists with client concerns, and helps the business strike the right balance between its commercial goals and protecting the rights and freedoms of its clients.
Employing an outsourced DPO (DPOaaS), who is an expert in their field, is a cost-effective solution that could save you money and embarrassment by reducing your risk of a data breach.
If, of course, you do not fit the above requirements but still want to make sure you are not breaking the law and to find out how compliant your company is, we can help you with that too.