We are now offering Virtual Training to customers, if you are interested please visit the Virtual Training page and contact us firstname.lastname@example.org.
Spotlight on........Data Protection Officers
Does your organisation need to appoint a Data Protection Officer? The Data Protection Act 2018, which applies the UK GDPR, introduced the statutory post of the Data Protection Officer (DPO). The law (article 37) requires organisations to employ a DPO where:
The role of the DPO is to advise on, and monitor, compliance with data protection legislation. They act as a single point of contact for the Information Commissioners Office (the regulator). The Data Controller is required to support the DPO in performing their tasks by providing the resources necessary to carry out those tasks. The Data Controller cannot instruct the DPO on the exercise of their tasks and cannot dismiss or penalise them for performing their tasks. The DPO must report to the highest management level of the Data Controller.
The DPO can fulfil other tasks and duties so long as there is no conflict of interest. For this reason the DPO should not undertake other roles which enable them to set policy or make decisions about how or why personal data will be processed by the organisation.
The DPO must be designated on the basis of professional qualities and expert knowledge of data protection law and practices.
This statutory post can be fulfilled in a number of ways:
It is important that those who fulfil the DPO role are appropriately trained to understand their duties, and they are required to maintain their expert knowledge.
If you want to refresh your knowledge or seek to gain it, we offer virtual Data Protection Officer training sessions. We also provide a Data Protection Officer Service. Please contact us at IGS@essex.gov.uk for further information.