The role of the data protection officer – five things you need to know

As programmes gather pace within organisations to meet the General Data Protection Regulation (GDPR) compliance deadline of May 2018 (and if you haven’t started something, we would suggest that it would make a good New Year’s resolution), some interesting questions start to emerge. One of these is the often thorny question of whether a formal Data Protection Officer (DPO) needs to be appointed, and how best to accommodate that role within an organisation.

The role has previously not always been considered to be a welcome addition to an existing workload, and is usually placed within the HR or legal teams. Data protection as a subject area has suffered from poor PR, and attendant lower levels of engagement amongst staff and management. The arrival of the GDPR is intended to change that, heralding a brave new dawn for data privacy amongst consumers, who are themselves now realising some of the more personal consequences of the wonders of modern technology.