Do I need a DPO (Data Protection Officer)? - Cribb Cyber Security

Do I need a DPO? It is a question we often field and one that many organisations are giving more consideration to. Today then, we pose some initial questions and answers that will hopefully answer this for you. Everything you will read is in line with the IASME Consortium’s guidance and if you would like to speak further, we’re more than happy to help.

Is your organisation a public authority or body? (No)

Do your core activities require regular and systematic monitoring of individuals on a large scale? (No)

Do your core activities involve processing ‘special categories’ of personal data, or ‘criminal convictions or offences data’, on a large scale? (No)

Your organisation does not need a DPO, but you can voluntarily appoint one. If you do appoint one voluntarily then you need to register them with the ICO. Although you may not need a DPO, it Is important to have someone in your organisation who is responsible for data protection.

Is your organisation a public authority or body? (Yes)

You will probably need to appoint a DPO, but there are some exemptions. To find out more, here is some guidance on data protection officers.

Is your organisation a public authority or body? (No)

Do your core activities require regular and systematic monitoring of individuals on a large scale? (Yes)

You will need to appoint a DPO.

Is your organisation a public authority or body? (No)

Do your core activities require regular and systematic monitoring of individuals on a large scale? (No)

Do your core activities involve processing ‘special categories’ of personal data, or ‘criminal convictions or offences data’, on a large scale? (Yes)

You will need to appoint a DPO, please refer to our guidance on data protection officers for more information.

So then, do I need a DPO? Does your organisation? If you do, do not hesitate to contact our cyber security experts. As you will have noted, public authorities and bodies will likely need a DPO, as will organisations processing large quantities of data. It is important then to take the necessary steps if you fall into either, or both, of these categories.

Read our article, “Do I need a UK Data Protection representative after Brexit?”.