Data Protection Officer Service (DPO)

The General Data Protection Regulation (GDPR) became European law on 27 April 2016 and comes into force on 25 May 2018. This will be incorporated into UK law by the Data Protection Act 2018. The UK government has made it clear that GDPR principles will survive BREXIT, as adequacy with European law enables the exchange of personal data across EU states, which is necessary for many UK businesses.

Within the Regulation is a duty for some organisations to appoint a person responsible for compliance monitoring – the Data Protection Officer (DPO). This role – and the role title – are protected in the legislation, and bring protected powers within the appointing organisation. Organisations that will be required to appoint a DPO are:

  • Public authorities or bodies
  • Where processing personal data is a core business activity
  • Where processing personal data is on a large scale
  • Where processing is regular or the processor operates systematic monitoring
  • Where processing includes special categories of personal data or data relating to criminal convictions and offences.

Both Data Controllers and Data Processors may be required to appoint a DPO.

The guidance, which has statutory force, includes the specific facility for the role to be carried out under a service contract. Kaleidoscope Consultants can provide the service of a qualified and experienced Data Protection Officer.