You should designate a Data Protection Officer (DPO), if required, or someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements.
The GDPR requires some organisations to designate a DPO, for example public authorities or ones whose activities involve the regular and systematic monitoring of data subjects on a large scale. The important thing is to make sure that someone in your organisation, or an external data protection advisor, takes proper responsibility for your data protection compliance and has the knowledge, support and authority to do so effectively. Therefore, you should consider now whether you will be required to designate a DPO and, if so, assess whether your current approach to data protection compliance will meet the GDPR requirements.
Privacy is no longer just a compliance or security issue. It has become a strategic topic at boardroom level since significant changes to the European legislation were announced. In today’s business environment, increasing focus is being placed on privacy and (cyber) security compliance, governance and incident management. To be successful, companies need privacy professionals who are capable of managing privacy and security in a risk-based and integrated manner.