Many people attending our Certified EU GDPR training courses are extremely concerned about what the incoming Regulation means for their organisation. Many attendees also want to understand the role of the data protection officer (DPO) and establish whether their organisation needs one.
A study by the International Association of Privacy Professionals (IAPP) indicates that Europe will need at least 28,000 DPOs under the new GDPR. The number of DPOs is estimated based on official statistics about public- and private-sector data controllers within the European Union.
This requirement for the appointment of a DPO is completely new to Irish organisations. All Irish public service bodies and organisations handling and processing high volumes of personal data will now have to hire, appoint or contract a DPO. Even where the GDPR does not specifically require the appointment of a DPO, it is highly encouraged by the European Article 29 Working Party (WP29) as a matter of good practice and to demonstrate compliance.
The GDPR requires DPOs to be appointed on the basis of their professional qualifications and qualities, in particular “expert knowledge of data protection law and practices”. An organisation’s DPO may be either an employee or a third party who provides DPO services, depending on certain criteria.
Unsure whether your organisation requires a DPO? Learn from the experts how the GDPR will affect your organisation on our one-day Certified EU GDPR Foundation course.