If any of the following apply to you, then the GDPR requires you to appoint a Data Protection Officer:
you are a public authority or body (other than a court of law processing data in relation to its judicial operations)
your core activities involve regular, systematic and large-scale monitoring of data subjects
your core activities consist of the large-scale processing of special categories of data, or data relating to criminal convictions and offences.
If your Data Protection Officer also holds another role within the organisation, that other role cannot involve determining the purposes and means of processing personal data. If it does, a conflict of interest will arise, which will disqualify that person from acting as Data Protection Officer. This may be the case for senior management positions such as chief executive, chief financial officer, head of marketing, head of IT, or head of human resources, and also some other positions further down the hierarchy.
This problem can be avoided by appointing us to act as your external Data Protection Officer.
We can act as your organisation’s outsourced Data Protection Officer.
Design, implementation and management of a privacy governance framework
Data protection audits
Data protection impact assessments
Reviewing vendor contracts and consents
Recording of data assets and exports
Data security incident management planning
Handling subject access requests and other requests from individuals
Liaison with supervisory authorities and ensuring appropriate filings
Internal awareness raising, information provision and advice