- Solicitors For Business
- Solicitors For You
- Armed Forces Claims
- Clinical Negligence
- Court of Protection
- Criminal Defence
- Driving Offences
- Family Law
- Intellectual Property
- Media Law
- Personal Injury
- Personal Immigration Services
- Personal Insolvency
- Professional Regulation and Discipline
- Residential Real Estate
- Wills, Trusts & Estate Planning
- Will Disputes
- About Us
- News & Events
Data Protection Officer Support
Since the introduction of the General Data Protection Regulation (GDPR), data protection officers (DPOs) have had to keep up with many key developments and rapid changes to the law. The London-based solicitors at JMW can provide vital legal support for DPOs to ensure that your business is achieving full GDPR compliance.
Our data management team understands the essential role DPOs play in helping companies to manage their data protection obligations. We can provide your in-house DPO with support and assistance on all aspects of data security and privacy, backed by a keen understanding of the latest developments in data protection law.
How JMW Can Help
For many organisations, appointing a DPO is a legal requirement of GDPR compliance, and a failure to properly manage data security policies can place the business at significant risk of operational disruption and financial setbacks.
JMW offers a comprehensive data protection officer support service to ensure that your business is able to meet all of its obligations and responsibilities under GDPR. Our services include:
- Helping your business to select a qualified DPO
- Assisting with data protection audits to assess the issues that your DPO will need to address
- Supporting in-house training to help your team integrate the responsibilities of the DPO into your management structure
- Providing ongoing legal guidance and support to ensure the DPO is monitoring GDPR compliance effectively
- Working with the DPO to respond quickly and effectively to emergency situations, such as a data breach
We have worked with corporate clients, public sector organisations and charities of various sizes, and are well-placed to provide the expert legal guidance your DPO requires to ensure that your organisation is processing data in a secure, transparent and responsible manner.
Do I need to appoint a DPO?
Under the rules laid out by GDPR, it is a legal requirement for organisations to appoint a DPO under the following circumstances:
- Your organisation is a public authority
- Your business’s core activities involve regular and systematic monitoring of individuals’ private data on a large scale
- Your company is involved in the large-scale processing of special categories of sensitive personal data, or information relating to criminal convictions
Even if your company does not fall into one of these categories, it can sometimes be a useful step to appoint a DPO to take ownership of the organisation’s data protection activities and oversee its GDPR compliance efforts.
What are the responsibilities of a DPO?
DPOs have clearly established tasks and responsibilities, as laid out in Article 39 of the GDPR legislation. These include:
- Informing and advising everyone within the organisation about their obligations to comply with GDPR and other relevant data protection laws
- Monitoring compliance with GDPR and internal data protection policies, including by managing data security activities, raising awareness of data protection issues, overseeing staff training and conducting internal audits
- Advising on and coordinating data protection impact assessments
- Cooperating with the Information Commissioner’s Office and other relevant supervisory data protection authorities, and acting as their first point of contact
- Acting as a point of contact for individuals whose data has been processed on privacy issues, including data subject access requests
DPOs can also be assigned other tasks by their employers as part of their role, provided that none of these additional responsibilities interfere with their core GDPR-mandated duties.
Who can be chosen as a DPO?
GDPR does not specify strict or precise criteria for who can be selected as a DPO, other than they must possess professional qualities and expertise in data protection that are appropriate for the responsibilities they will fulfil within your organisation.
It is best to appoint a DPO who can fulfil the following criteria:
- A strong understanding of data protection laws, and of the specific requirements and expectations of your sector
- Robust management skills to ensure they are able to promote a data protection culture within the organisation
- Strong communication abilities and an attention to detail
- Access to upper levels of management, allowing them to be involved in top-level discussions about business activities
- Full autonomy to be able to carry out their GDPR responsibilities with the support of the business
DPOs can be appointed internally or externally, so if you would prefer to appoint or hire a DPO outside the organisation, it is possible to do so on an outsourced basis.