Under GDPR and the Data Protection Act 2018, some organisations and businesses are now required to appoint a Data Protection Officer (DPO). Whilst this role has existed for some years, with the new Regulations and the changing landscape on Data Protection, the role of a DPO has become ever more onerous and complex.
The problem facing many businesses and organisations is who will ensure compliance, deal with breaches, subject access requests and data impact assessments, and update policies. DPOs are a further expense on a business, good ones are difficult to find, and often a business does not need an in-house appointment. If a business has a DPO, what happens when they are ill, or on extended leave?
The Role of a DPO
- Monitors compliance, Data Protection Policies and Procedures.
- Advises on Data Protection obligations.
- Acts as a contact point for the supervisory authority – the Information Commissioner's Office (ICO)
- GDPR requires a DPO to have 'expertise'
- The ICO will continue to issue guidance and best practice, which will need to be adopted to ensure compliance.
- GDPR states that the duties of a DPO are broad and include advising on Data Protection Impact Assessments, monitoring compliance with the Regulations, dealing with data breaches, and working with supervisory bodies.
- A DPO must act in an independent manner
Affinity Resolutions can act as an external DPO for any organisation in any given sector.
- Extensive commercial experience of guiding an organisation through regulatory change (public or private sector)
- A thorough understanding of GDPR and its practical application
- Ability to advise on legal matters relating to the regulation
- Significant practical experience of reviewing business policies, processes and specifying solutions for remediation
- A cost effective solution
What we do
Our DPO services include:
- Providing an advisory telephone and email line for all your Data Protection Legislation and GDPR queries.
- Assisting in dealing with and managing data breaches.
- Advising on changes in the Data Protection Legislation and GDPR or new guidance and updates issued by the Information Commissioner's Office (ICO)
- Acting as the nominated person for the ICO and serving as the primary point of contact.
- Assisting in dealing with subject access requests and the exercise of rights by data subjects.
- Undertaking an annual audit to measure compliance with the Data Protection Legislation and GDPR.
- Acting independently to ensure there is no conflict of interest.
- Working with key internal stakeholders in the review of projects and related data to ensure compliance with Data Protection Legislation and GDPR
- Advising on relevant training required for staff.
How can Affinity Resolutions Help?
We understand the needs of an organisation to use an outside business. With our unique legal, practical and marketing approach, we will ensure that we create for you a bespoke agreement which both meets the GDPR and allows you to carry on your business as you wish.