GDPR III—act now, act swiftly

GDPR
Image: Stockfresh

Print

PrintPrint
Pro

Read More:

18 May 2017 | 0

He pointed out that any DPO appointed may not be as familiar with the sector initially as would be ideal. “Financial services has been heavily regulated for decades so a deep knowledge is required in that context as opposed to, for example, a relatively simple sales enterprise. A recruitment agency may be quite different again. The same issue arises in choosing an outsourced option—domain knowledge will be required of the person actually acting as DPO.

I am conscious of the fact that the DPO is just one person, cannot do the whole lot and, in any event, the obligations and review to analyse the gaps that may exist extend across the whole organisation and functions from sales and marketing to IT. In larger organisations, it is key to have ‘data champions’ in different divisions and certainly in key data holding departments. It is also important to have and cultivate a culture of compliance throughout all staff, Tom Hulton, ADPO, An Post

“In addition, that external DPO would have to be given an internal liaison person to feed such knowledge about ‘how we do things’ or the DPO will have to waste time learning. That could possibly be expensive in terms of time, particularly for SMEs which are probably the most likely to go for an outsourced DPO service. Another category is smaller public bodies, for example, required to have DPOs but lacking the expertise or the budget. They could share a DPO service because it would all be in the same general domain and standard practices and activities.”

 

Read More:



Comments are closed.

Back to Top ↑