The EU General Data Protection Regulation (GDPR) introduced a requirement for some organisations to appoint a Data Protection Officer (DPO). The statutory functions of a DPO include monitoring compliance with GDPR, advising on data protection obligations, providing advice with regard to Data Protection Impact Assessments, and acting as a contact point for data subjects, staff and Supervisory Authorities. The DPO must be able to act independently, be a subject matter expert in data protection, be adequately resourced, and report to the highest management level.

The DPO role can be delivered by an external service. All our DPOs have ten years' experience of working in data protection in health, and all have had operational information governance jobs within the NHS during their careers.

Kaleidoscope offers a range of services to meet an organisation’s requirement for a DPO. Where an organisation does not meet the criteria for requiring a DPO, but EU state legislation requires a named person, Kaleidoscope can also provide the service of a Privacy Lead. This is particularly relevant for Clinical Trials.