The EU General Data Protection Regulation (GDPR) introduced a requirement for some organisations to appoint a Data Protection Officer (DPO). The statutory functions of a DPO includes monitoring compliance with GDPR, advising on data protection obligations, providing advice with regards to Data Protection Impact Assessments and acting as a contact point for data subjects, staff and Supervisory Authorities. The DPO must be able to act independently, be a subject matter expert in data protection, adequately resourced, and report to the highest management level.
The DPO role can be delivered by an external service.
Kaleidoscope offers a range of services to meet an organisation’s requirement for a DPO. Where an organisation does not meet the criteria for requiring a DPO, but EU state legislation requires a named person, Kaleidoscope can also provide the service of a Privacy Lead. This is particularly relevant for Clinical Trials.