Can employing a DPO help you sleep better at night?


For the legal profession in particular, the risk of data breaches holds fearful consequences. Potentially bank-breaking fines, such as the proposed £300m Information Commissioner's Office (ICO) fines for the BA and Marriott breaches, and loss of reputation are just some of the issues you could be facing.

Despite the high risk for firms, the latest ICO figures placed the legal sector in the top five for the most reported data security incidents—with law firms being responsible for 8% of the 4,056 data breaches reported between July and September 2018.

With this alarming knowledge, it is no wonder the notion of a data breach keeps many up at night. But there could be an answer to put minds at rest: employing a Data Protection Officer (DPO).

I am sure that, following the introduction of the General Data Protection Regulation, you, like many firms, thought, ‘I do not have a duty to appoint a DPO as I am not a public authority or body’. Yes, under law this may be true. However, many overlooked the value that employing a DPO on a voluntary basis could bring.

Whether it is protecting your firm’s reputation, avoiding the damaging financial repercussions that could follow a data breach, or having an authority to ensure you are complying with data regulations, DPOs can be very useful, keeping you one step ahead in this data-filled world.

What is a DPO?

As outlined by the ICO, a DPO’s aim is to “assist you to monitor internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the supervisory authority.”


A DPO:

  • should be an independent data expert and adequately resourced
  • must report to the highest management level
  • can be an employee or external

Why are DPOs beneficial to me?

Why do you need a DPO? The question should be ‘Why do we not have one?’

As the number of data breaches reported in the legal profession rises, the risks get higher. Having a DPO could be the answer to staying protected—and knowing how to handle a breach when it happens.

DPOs are particularly valuable:

  • in helping roll out a unified and efficient approach to privacy regulation, covering all factors from HR and business planning, to website content and cyber security
  • as an insurance policy: having a DPO can often reduce business risk insurance premiums. The DPO helps to drive GDPR compliance and helps identify risk factors before they escalate
  • to help educate and train your employees on data privacy procedures
  • to keep your data breach response plans up to date and ensure they are properly rolled out, for example meeting the 72-hour response requirement stipulated by the ICO to report a breach and knowing the correct information to report
  • to oversee the use of technical tools such as Cordery Breach Navigator, which helps identify and manage data breaches efficiently

If you are now planning on employing a DPO in your firm, see LexisPSL practice note: GDPR compliance—data protection officer—law firms—overview, for more information and guidance.

About the author:

Hannah is one of the Future of Law blog’s digital and technical editors. She graduated from Northumbria University with a degree in History and Politics and previously freelanced for News UK, before working as a senior news editor for LexisNexis.