GDPR III—act now, act swiftly
18 May 2017 | 0
He pointed out that any DPO appointed may not be as familiar with the sector initially as would be ideal. “Financial services has been heavily regulated for decades so a deep knowledge is required in that context as opposed to, for example, a relatively simple sales enterprise. A recruitment agency may be quite different again. The same issue arises in choosing an outsourced option—domain knowledge will be required of the person actually acting as DPO.
“In addition, that external DPO would have to be given an internal liaison person to feed such knowledge about ‘how we do things’ or the DPO will have to waste time learning. That could possibly be expensive in terms of time, particularly for SMEs which are probably the most likely to go for an outsourced DPO service. Another category is smaller public bodies, for example, required to have DPOs but lacking the expertise or the budget. They could share a DPO service because it would all be in the same general domain and standard practices and activities.”