Bored of 2017 yet? Well, don’t worry: 2018 is on the way and it’s packed with exciting events, such the World Cup in Russia, the Winter Olympics in South Korea, and the implementation of the General Data Protection Regulation (GDPR) in May! So, plenty to look forward to.
New rules are-a-coming – one of which is the requirement for councils and other bodies that process vast amounts of data to appoint a data protection officer (DPO).
Now, this is a role that can shared – for instance, where local public services are already in a shared service arrangement – but care needs to be taken.
Some councils have already passed the DPO role to their chief information officer (CIO) or chief digital officer (CDO). Alas, this isn’t necessarily a great idea.
Unless the CIO or CDO has a very broad data remit, is sitting at board level, is leading on information governance across the organisation and has expert knowledge of the GDPR, you might want to think carefully about creating a new DPO position.
Furthermore, the GDPR’s guidance states that the DPO must be independent from the data controller and mustn’t be responsible for the determination of the purposes and means of processing personal information.
Luckily, Socitm recently published a Member Briefing covering the GDPR in depth, including the potential pitfalls of how you cover the role of DPO. Click here to access ‘Turning the GDPR from a Data Headache into an Information Opportunity’.