As data protection regulations and technology continue to evolve, there is a much greater need for strong corporate governance frameworks to improve accountability. For some organisations, there is a requirement to appoint a data protection officer (DPO), either as a member of the extended legal counsel team internally or by working with an externally appointed DPO.  

Understanding the value a DPO brings to the privacy programme can make finding the right partner easier. Moreover, knowing how the team can prepare to work with this additional resource means your company can get the most impact from working with a DPO.

In the first of our three-part series on working with an external DPO, we focus on how to ensure you appoint the right person in the first place. Initial key considerations include:

  • Qualifications: Under Article 37 of the GDPR, organisations must appoint a DPO on the basis of professional qualifications and expertise. These can include CIPP/E (Certified Information Processing Professional – Europe), legal qualifications or prior experience in a similar privacy management role. 
  • Industry knowledge: As privacy challenges vary from sector to sector, the DPO should have the necessary expertise to support your unique, sector-specific privacy challenges.  
  • References: Are there any prior companies that can give feedback on the work of the DPO you are thinking of appointing?
  • Availability: One of the key benefits of appointing an external DPO is that it can free up internal resources, which can then be focused on other business priorities. Data breaches, for example, require immediate attention as there is a short window of time in which they must be contained and reported to regulators. It is essential to ensure that the DPO is adequately resourced to handle urgent matters. 

Protecting personal data is not only a legal requirement but also critical to growth, as it is a powerful tool for sustaining trust with customers and employees. Appointing the right DPO for your business can be the start of a powerful partnership that supports privacy programme development and the overall effectiveness of the privacy team.

 

Watch out for part two of the series, where we will share insight into how an external DPO can oversee the successful maturation of the privacy programme. 

 

 

If you would like to discuss this topic or anything else data protection and privacy-related, please contact us at dpo@hewardmills.com.