Does I need to appoint a Data Protection Officer?

There have been lots of big changes regarding the new GDPR laws. Now that many people have started to understand these changes, they have begun to ask questions about what they need to do next. One of these big questions, for B2B businesses, is whether they need a Data Protection Officer to manage this new area of marketing. Here’s what you need to know about this.

You may not need a specific Data Protection Officer, but there will be strong controls around personal data that you need to consider and take steps to protect. We recommend that you hold any personal data in one secure place as this will allow you to streamline your compliance efforts.

However, Article 35 of the GDPR states that you WILL need to appoint a DPO if your organisation:

Is a public authority
Engages in large-scale systematic monitoring of personal data
Engages in large-scale processing of sensitive personal data.

If your business adheres to any of the above, you need to consider appointing a DPO immediately. On the plus side, the only requirement of the Data Protection Officers by the GDPR is that they have “expert knowledge of data protection law and practices”.

Furthermore, data processors will also have direct legal obligations and responsibilities. This means that processors can be held liable for data breaches. There will need to be clear responsibilities between the controller and processor and parties will need to document their data responsibilities even more clearly.

With the introduction of mandatory privacy risk impact assessments, data controllers must adopt a risk-based approach before undertaking higher-risk data processing activities. They will be required to conduct privacy impact assessments to minimise the risk to their data subjects.

Data controllers will also be required to report data breaches to their DPA within 72 hours of becoming aware of it unless it is unlikely to represent a risk to the right and freedoms of the data subjects in question. Where the risk is high, these subjects must be notified. Regular supply chain reviews and audits will also be required to ensure they are fit for purpose.

For more information on how the GDPR could affect you, download our GDPR First Aid Kit.

If you’re looking for further advice, have you seen our compliance checklist?

Solutions

Need

Products

Industry

Use Case

Platform

Omnichannel Marketing Automation

Integrations

Next steps

Services

Amazing Support

Partner Community

Consultancy & Services

Help centre

Resources

Events & Webinars

Case studies

That Marketing Podcast

Knowledge

Spotler

Spotler

Work with us

Get up to date

Get in touch

Does my business need to appoint a Data Protection Officer?

Solutions

Need

Products

Industry

Use Case

Platform

Omnichannel Marketing Automation

Integrations

Next steps

Services

Amazing Support

Partner Community

Consultancy & Services

Help centre

Resources

Events & Webinars

Case studies

That Marketing Podcast

Knowledge

Spotler

Spotler

Work with us

Get up to date

Get in touch

Does my business need to appoint a Data Protection Officer?

Related blogs

How CRM Software Can Help You Align Sales and Marketing

6 signs that you are ready for a chatbot

Thank you!