As the world sets into a frenzied panic regarding the General Data Protection Regulation (“GDPR”), there is one topic of compliance that is not discussed often enough and that is Data Protection Officers. While the name projects an image of some guy or gal in glasses, a suit and a constantly nervous disposition, Data Protection Officers may be an integral part of GDPR compliance in some companies. So how do you know if you need one of these nerds on your team (obviously we are using the term “nerd” in an endearing and loving fashion because we care for our own)?
According to the GDPR, you need a Data Protection Officer if:
- The processing of data is carried out by a public authority or body, except in the case of courts acting in their judicial capacity. This shouldn’t apply to our readers;
- The core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale. This basically means that if you are regularly and systematically monitoring a lot of people on a large scale, then you need a Data Protection Officer; or
- The core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 or personal data relating to criminal convictions and offences referred to in Article 10. This means that if you are processing special categories of data such as political opinions, racial or ethnic origin, etc. or are processing data related to criminal convictions or offenses, then you need a Data Protection Officer.
If you do end up needing a Data Protection Officer, you have to make sure that the person is properly qualified to do that particular job. You can learn more about what that means here.
Protect yo’ self,