Data protection officer
Data protection officer

The following Risk & Compliance practice note provides comprehensive and up to date legal information covering:

  • Data protection officer
  • Mandatory appointment of a DPO
  • Public tasks carried out by non-public bodies
  • Core activities
  • Regular and systematic monitoring
  • Large scale
  • Local law requirements
  • Voluntary appointment of a DPO
  • Organisations that already have a voluntary DPO
  • Who should be the DPO
  • More...

IP COMPLETION DAY: 11pm (GMT) on 31 December 2020 marks the end of the Brexit transition/implementation period entered into following the UK’s withdrawal from the EU. At this point in time (referred to in UK law as ‘IP completion day’), key transitional arrangements come to an end and significant changes begin to take effect across the UK’s legal regime. This document contains guidance on subjects impacted by these changes. Before continuing your research, see Practice Note: What does IP day mean for Risk & Compliance?

This document reflects the UK GDPR regime. References and links to the GDPR refer to the UK GDPR (Retained Regulation (EU) 2016/679) unless expressly stated otherwise.

Under Retained Regulation (EU) 2016/679, General Data Protection Regulation (UK GDPR), certain organisations are required to appoint an individual to act as their data protection officer (DPO). The concept of the DPO is not new however. Many organisations have appointed an individual with this job title and in some jurisdictions DPOs are a legal requirement in certain circumstances under local law.

This Practice Note sets out when organisations must appoint a data protection officer (DPO) to comply with the GDPR and the pros and cons of voluntarily appointing a DPO. It also considers who should be the organisation’s DPO, the duties of the DPO and the risk of conflicts of interest. It should be read in

Popular documents