Data Protection & GDPR… the two phrases that might just make you want to fall asleep. Please don’t: this blog post could be the answer to your problems!
Under the EU GDPR (General Data Protection Regulation), certain organisations are required to appoint a Data Protection Officer (DPO). If you are not sure whether your business fits the criteria, here is the list for you. If your business is a public authority or body, or if its core activities consist of the following, you need a DPO:
- Data processing operations that require regular and systematic monitoring of data subjects on a large scale.
- Large-scale processing of special categories of personal data (‘sensitive data’) or personal data relating to criminal convictions and offences.
Tasks Required of a DPO
If your business does not fit the criteria mentioned above, when you see the long list of tasks that DPOs are required to perform, you might want to consider outsourcing this role, allowing your staff to focus on their core roles and responsibilities.
- Informing and advising the organisation and its employees of their data protection obligations under the GDPR.
- Monitoring the organisation’s compliance with the GDPR and internal data protection policies. This includes monitoring the assignment of responsibilities, awareness training and much more.
- Advising on the necessity of Data Protection Impact Assessments, and how to implement the actions.
- Serving as the point of contact to data protection authorities for all data protection issues, including breach reporting.
- Serving as the point of contact for individuals (data subjects) on privacy matters and subject access requests.
Does the sound of all of that responsibility worry you? That is why we have a specialist team of GDPR experts who can act as a DPO for your business on a retained basis. If you would like more information on the services we offer, please contact us today.