In reality, almost all public sector organisations and not many private sector organisations. The DPO role is one of the most misunderstood aspects of GDPR. Privacy Kitchen has great videos on [YouTube cookies and privacy policy apply]:
Some organisations need a DPO. Some decide to voluntarily appoint a DPO – and there are many good reasons to do so, not least to show your stakeholders that you take Privacy seriously. be aware though, that simply using the job title DPO or Data Protection Officer introduces the obligations on both the individual and the organisation as set out in GDPR.
The current draft Bill sets out a Senior Responsible Individual or SRI to replace the DPO under UK GDPR. We’ll have to see how the Bill travels through parliament before we know for sure but, on the basis of the draft Bill, the SRI may lead to a greatly expanded list of obligations – dare we say tick boxes? – that organisations need to cover over and above those for a DPO.
Keepabl has published a simple side-by-side guide to the proposed changes regarding RoPAs, DPOs, DPIAs and DSRs.
Robert can guide you through the decision process on DPO and, if you need to decide to have a DPO, we can act as your external DPO.
SeeĀ all our Services