Published by Hilary Singleton. Modified over 6 years ago.
1
GDPR – The Role of the Data Protection Officer (DPO)
Dai Durbridge
2
This session
Run through the role of the DPO
Time to answer some questions
3
Why all the fuss about GDPR?
Update to 1998 Data Protection Act
Creates DPO role
Refocus on stronger data security and privacy rules
Up to €20,000,000 fine
25 May 2018
4
Do we need a DPO?
Yes
GDPR requires a DPO to be appointed by public authorities and (currently) this includes state schools and academies
5
Was there a rumour schools won’t need a DPO?
There was indeed…
6
Do MATs need a DPO for each academy?
No
MAT is a single legal entity so the requirement will be for one DPO per MAT
However, consider the team the DPO needs around them
7
What does the DPO role entail?
Articles 37 to 39
Monitor GDPR compliance and implementation and application of data protection policies
Inform/advise school and staff about GDPR obligations
Advise whether and how to carry out DPIA
8
What does the DPO role entail?
Cont…
Be the point of contact for the ICO
Train staff
Carry out internal data audits
9
What qualifications does a DPO need?
No precise credentials specified by the GDPR, but…
DPO must have expert knowledge of data protection law and practice
Training will be needed
Recognised accreditations likely in due course
10
What support should the school provide?
Active support of the DPO function by senior management
Sufficient time and resources for DPO to fulfil their duties
Communicate designation of DPO to all staff
Continuous training
11
What support should the school provide?
Cont…
Ensure DPO is involved in all data protection
DPO reports to SLT/governors/MAT Board
DPO operates independently
DPO can be contacted by data subjects
12
Who should be your DPO?
No need to employ new person or make it a sole role
Consider experience and knowledge of data protection law and practices
Can be a DPO for more than one school – but consider:
  Organisation structure and size
  Accessibility of the DPO from each establishment
13
What about potential conflict?
GDPR Working Party: “As a rule of thumb, conflicting positions may include senior management positions (such as chief executive, chief operating, chief financial, chief medical officer, head of marketing department, head of Human Resources or head of IT departments) but also other roles lower down in the organisational structure if such positions or roles lead to the determination of purposes and means of processing.”
14
How does this apply to my school?
Not about the title held but the role undertaken
First focus on the abilities of the candidate then address whether that person – because of the role they undertake – is conflicted
IT lead is best example
15
Can I outsource the DPO role?
Yes
Consider due diligence, cost, SLAs
16
Should I take the role if offered?
The million dollar question!
17
Talk to us
Please note
The information contained in these notes is based on the position at January It does, of course, only represent a summary of the subject matter covered and is not intended to be a substitute for detailed advice. If you would like to discuss any of the matters covered in further detail, our team would be happy to do so.
© Browne Jacobson LLP
Browne Jacobson LLP is a limited liability partnership.
Dai Durbridge
18
GDPR – The Role of the Data Protection Officer (DPO)
Dai Durbridge 27 November 2017