January 3rd, 2017 AI Insight
This has serious repercussions for all UK Data Controllers and Data Processors alike, and if you haven’t started preparing for this, don’t put it off any longer.
But where do you start? How do you identify what you need to do and begin to understand what the new obligations are?
You may want to start with one element of the new Regulations: the requirement for a Data Protection Officer to be in post.
This requirement applies to organisations that meet the following criteria:
The regulations place a range of responsibilities onto Data Protection Officers which include:
Therefore, the person appointed must be impartial, and must be able to give independent advice in the best interests of everyone concerned.
Where previously, in many organisations, the role of Data Protection Officer was assigned as a secondary responsibility at lower or middle management level, the Regulations have turned this around. Under GDPR, the position of Data Protection Officer has risen to a senior role, now reporting directly to the highest management level or executive board.
In short, the Data Protection Officer must be involved and consulted wherever personal information is being processed.
They cannot be dismissed or penalised for performing their required tasks and should not receive any instruction on what to do, or how to do it, when exercising those tasks.
Basically, what they say goes.
Appointing a Data Protection Officer is just one of the next steps to getting your organisation “GDPR ready.”
Our GDPR readiness work packages are designed to provide organisations with a full assessment of their readiness for the implementation of the new data protection regulations.
Amongst other activities, we will provide a clear understanding and visibility of an organisation’s current level of compliance, make recommendations for change, and identify immediate and high impact risk areas to be addressed in the short term.