
Data Protection Officer

11 replies

HoldUppppp · 14/12/2021 12:17

If I have begrudgingly accepted the added role at work as a data protection officer, my details are about to be published on the company website.

Legally would I be held responsible or would it be the company should shit ever hit the fan?

gokartdillydilly · 15/12/2021 13:41

Directors will take the shit. They might blame you, but ultimately it's their necks on the line. However, you ought to clarify this with whomever has crowned you Queen of GDPR.

CovidPassQuestion · 15/12/2021 13:48

Isn't part of the role that you are legally responsible for certain things? This would need clarifying urgently.

OMGisthisforreal · 15/12/2021 13:51

I would demand training immediately then renegotiate terms of contract once remit of your role is established.

CrumblyCrimble · 15/12/2021 14:01

If the organisation you work for isn't legally required to have a DPO then I'd suggest you avoid this statutory title altogether. You could be the data protection manager or something instead. You expose yourself and the organisation to compliance risks by being a DPO.
However, if the organisation is required to have a DPO then all fine, carry on, read the ICO website to understand your duties and congrats on the promotion! They obviously trust and respect you.

Theremoresefulday · 15/12/2021 14:05

Don’t you need to have been trained to be a DPO?

5thnonblonde · 15/12/2021 14:07

I think you need to ask legal/hr at work and ensure you all have a shared understanding of liability

Chloemol · 15/12/2021 14:16

Look up the role on the Information Commissioner's Office site.

Tommika · 15/12/2021 14:17

Make sure that you are given details of your responsibilities, are trained, are given the resources and are empowered

However, being DPO doesn’t offload other responsibilities in the business onto you, and doesn’t make you personally liable.
You would however need to understand GDPR (both UK and EU depending on what data is held - the UK GDPR is a direct equivalent but if things differ over time then the company needs to be compliant with both if dealing with EU business & individuals) and you will need to identify data held throughout the business along with all procedures in place (or not in place).

ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-officers/

MassDebate · 15/12/2021 14:32

DPO is only an adviser, it is the Board who remain responsible for data protection matters (speaking as a DPO).

GiltEdges · 15/12/2021 15:01

Well no, you wouldn't be individually, legally liable. That said, if a company appoints a DPO then they should do so based on their expert knowledge of data protection law and practice, so do you have that? Because if you don't it's going to be very difficult for you to fulfil the mandated tasks of a DPO as outlined in Article 39 of the UK GDPR.

HoldUppppp · 16/12/2021 10:48

Oooh thanks for the replies.

It's a relatively small business so unfortunately I do seem to be lumbered with these tasks, think nothing of them, then when something goes wrong... I get the flak.

My knowledge of the data protection law is minimal. I know we pay something annually (a data protection fee) and have an opt-out preference to marketing emails that I must always action but that's about it.

I'll have a read through the links posted.

Thanks.
