³ÉÈËÓ°Òô

Data protection officer

Under the UK General Data Protection Regulation (UK GDPR), certain organisations are required to appoint an individual to act as their data protection officer (DPO). Others may choose to appoint a DPO on a voluntary basis. In either case, the organisation will need to consider who should be the DPO, what the DPO’s duties will be and what the organisation’s obligations are in relation to the DPO.

For information on the circumstances where the UK GDPR requires you to appoint a DPO, see Practice Note: Data protection officer and DPO appointment decision tree.

Voluntary DPOs

You should consider whether to appoint a DPO even where you are not required to under the UK GDPR. Guidelines on DPOs published by the Article 29 Data Protection Working Party and subsequently endorsed by the European Data Protection Board (EDPB) (EDPB guidance) and the Information Commissioner’s Office (ICO) guidance encourage voluntary appointment of a DPO, but with an important caveat—it doesn’t matter whether your DPO’s appointment is voluntary or mandatory, if your organisation has a DPO, all the requirements of the UK GDPR relating to DPOs apply—see Practice Note: To view the latest version of this document and thousands of others like it, sign-in with ³ÉÈËÓ°Òô or register for a free trial.

Powered by Lexis+®
Latest Risk & Compliance News
View Risk & Compliance by content type :

Popular documents