Certain types of organisations are required by law to appoint a data protection officer (DPO) if;
- you are a public authority or body (except for courts acting in their judicial capacity);
- your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
- your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.
DPOs assist you to monitor internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the supervisory authority.
The DPO should be an independent voice and an expert in the field of data protection.
Shepard Consulting offers a DPO service at a monthly fee to organisations. This can be a more cost effective way of having the expert data protection knowledge on hand to the organisation without the ongoing costs of recruiting a full time member of staff.