If you are a small to mid-sized company that is struggling to stay afloat in an increasingly competitive marketplace, you may be asking yourself a key question: Do I need a Data Protection Officer? It’s an important question that a lot of SMEs struggle with due to the costs associated with hiring a full-time DPO. Below we’ll take a close look at the issue and provide an answer.
Does Every Organisation Need a Data Protection Officer?
The common misperception is that every company must appoint a Data Protection Officer. What muddles things even more for some is that we now have both the original EU GDPR and its offspring, the closely related UK GDPR, to contend with.
When Do I Need a DPO?
Fortunately, the process of determining whether you need a DPO does not entail a bureaucratic slog. How you respond to the 5 questions below will provide your answer.
Question 1: Is your company based in the UK/EU and does it process information on UK/EU citizens and residents?
Question 2: Is your company based outside the UK/EU, but does it count UK/EU citizens and residents among its customers and process information on them?
If you answered “No” to both of those questions you do not need a DPO. If you answered “Yes” to either question, continue on to the next question.
Question 3: Are you a public institution, authority or body?
If you answered “Yes” to this question, you need a DPO. If you answered “No”, continue on to the next question.
Question 4: Do you process personal data of UK/EU citizens or residents as part of a core business activity, or simply for payroll purposes and the like?
If you only collect personal data on UK/EU residents for payroll-related purposes, you do not need a DPO. If your data collection efforts are more extensive than that, proceed to the following question.
Question 5: Do your data collection efforts include medical records, criminal records, financial information, information regarding religious beliefs, political beliefs and the like?
If you answered “Yes” to question 5 you will need to hire a DPO or make other arrangements.
DPO as a Service
Data Privacy Services offer cost-effective DPO as a Service that allows companies to fulfil their GDPR obligation without having to shoulder the cost of a full-time, in-house DPO. To learn more call Data Privacy Services today on 084 5835 7094.