The first priority in your GDPR compliance journey will be determining whether you need to appoint a Data Protection Officer (DPO).
There are specific circumstances where a DPO must be appointed, for example if your organisation is a public authority or deals with large-scale processing of special categories of data. For further information on when a DPO is required, see our Geldards DPO Flowchart.
The DPO will need to have professional experience and knowledge of data protection law. The DPO's role will be to inform and advise your organisation and your employees about their obligations to comply with the GDPR and other data protection laws, to monitor compliance, to conduct audits, and to advise on data protection impact assessments. It is therefore important that you bring them on board at the earliest opportunity. They should operate independently and report to the highest management level of your organisation.
Regardless of whether the GDPR requires your organisation to appoint a DPO, you must ensure that you are compliant with the requirements of the GDPR by 25th May 2018.
If you would like any further information about the GDPR and how it might affect your business, please download our Geldards Guide. If you would like to discuss how Geldards can help with training on the GDPR, please do not hesitate to contact our Information Law Team.