With GDPR on the horizon, organizations should already be making the necessary adjustments to ensure compliance out of the gate. One of the biggest changes to your org chart could be the GDPR-mandated need for a Data Protection Officer.
In our latest webinar, Debra J. Farber, noted data security and privacy expert, explained to us the details of this critical new role. But you may be wondering, “Wait, am I required to have a DPO?” Lucky for you, Debra answered that question, and many more!
GDPR, along with recommendations from Working Group 29, outlines the DPO role and its responsibilities. Still, questions remain about when organizations should hire a DPO, who they should report to, and what background they need to have. Debra even suggests situations where a company isn’t required by GDPR to have a DPO, yet they still might want to appoint one.
Drilling deeper, Debra talks about acceptable DPO reporting structures and limitations on what other responsibilities those filling that role can assume. Debra even points to GDPR requirements that essentially eliminate Chief Privacy Officers, CISOs, CIOs, and several others from holding the DPO role.
So where should you begin to look for your DPO? Debra recommends those with compliance or audit experience, or even a person or service outside your company. And, Debra included a sample job description to help kickstart your search.
Even if you’ve already appointed a DPO, it’s helpful to hear Debra’s comments on the role and its responsibilities. As has been proven again and again, we can never be too educated on the intricacies of GDPR.