Do You Have to Hire a DPO?
Published on: January 7, 2021
Data protection officers have many tasks as set out in the European General Data Protection
One of the tasks is to ensure that an organization processes its staff’s, customer’s, and provider’s
personal information according to the Regulation and to the organization’s own policies. When
establishing a new business, it is essential to gain an understanding of the complex rules around
data protection and privacy.
Many small businesses, when offering services globally, will be faced with a complex web of
rules and regulations. A small technology business could employ the use of outside accounting
staff, virus protection software, and Data Protection Officers. The latter may serve to greatly
benefit a business in its own security, compliance and in its customer relations.
The General Data Protection Regulation
The GDPR sets out legal requirements that regulate how all businesses manage personal
data. The Regulation applies to organisations big and small. It took effect on 25 May 2018.
Given the complexity of GDPR rules, it makes sense to appoint a DPO where you process data
relating to people in the European Union. The GDPR also specifies a few scenarios where the
appointment of a DPO is mandatory. This applies to a small business as well as to data giants.
Those scenarios are where:
- the core activities of the organisation consist of regular and systematic
monitoring of data subjects on a large scale; or
- the core activities of the organisation consist of processing on a large scale of
special categories of data or personal data relating to criminal convictions and
In many cases, smaller organizations will choose to employ the services of an external Data
Which Industries Are Most Likely to Require Protection Officers?
Organizations in certain industries are more likely to require the appointment of a Data
Protection Officer. For example, a technology company is likely to require a Data Protection
Officer’s services because it is likely to undertake large scale monitoring of people and their
actions. Those who operate small online retail businesses may also require assistance from a
Data Protection Officer if they process large amounts of their consumers’ special category
personal information (SPI or SPD).
Regardless of whether the appointment of a DPO is a mandatory requirement under the GDPR’s
scenarios, in many cases it just makes sense to appoint someone who can guide an organisation
on its data protection obligations.
This means that the DPO for a company such as an online retailer could help by ensuring that the
customers are protected on the basis of two elements. First of all, the DPO helps ensure that
customers’ data is collected and processed in a lawful and GDPR-compliant manner. The DPO
also helps lower the risk that customers experience compromise of any of their personal data,
such as credit card numbers, online payment accounts, or even bank accounts.
Given the complexity of the GDPR, and other upcoming privacy regulations worldwide, many
organisations, large and small, are choosing to appoint a DPO to help them manage their
obligations and maintain customer trust when it comes to their data. For smaller companies, an
outsourced DPO arrangement makes sense, helping them maintain compliance and trust while
not having the long-term commitment of an in-house resource.