Questions you need to ask your DPO
At C-suite level, you will be held personally liable under the GDPR legislation so, whilst you might not need to be responsible for the implementation of data protection processes, you will certainly need to have asked the right questions of your Data Protection Officer to ensure that neither the company nor you as an individual gets into hot water.
Before we get into those questions, you need to know whether your organisation is required to have a DPO.
According to the ICO, the GDPR requires the designation of a DPO in three specific cases:
Your DPO can be someone already within the organisation, provided they have no conflict of interest with their existing professional duties; alternatively, you can appoint a new, dedicated DPO, or you can contract out the role to an external supplier. With the correct tools and backing, for example a Privacy Management System such as PrivacyEngine, it is simple for an internal member of staff to take on this role and feel fully supported.
Answers to further FAQs on the role and responsibilities of DPOs can be found here: http://ec.europa.eu/information_society/newsroom/image/document/2016-51/wp243_annex_en_40856.pdf
Questions to ask…
When the legislation comes into force next year, it will be too late to consider whether you should be taking steps to ensure that you are protecting individuals’ privacy as the ICO will be empowered to take action from 25 May 2018. There is no grace period, and it is our expectation that they have some companies in their sights already.
To avoid problems down the line, take some time to sit down with your DPO and ensure that you know the answers to the following:
Asking these questions is the first step towards safeguarding your and your company’s reputation so don’t delay.