Memo to the board making recommendations in relation to appointing a DPO
Memo to the board making recommendations in relation to appointing a DPO

The following Risk & Compliance precedent provides comprehensive and up to date legal information covering:

  • Memo to the board making recommendations in relation to appointing a DPO

IP COMPLETION DAY: 11pm (GMT) on 31 December 2020 marks the end of the Brexit transition/implementation period entered into following the UK’s withdrawal from the EU. At this point in time (referred to in UK law as ‘IP completion day’), key transitional arrangements come to an end and significant changes begin to take effect across the UK’s legal regime. This document contains guidance on subjects impacted by these changes. Before continuing your research, see Practice Note: What does IP day mean for Risk & Compliance?

Date: [insert date]

Introduction

One of the key requirements of the General Data Protection Regulation (GDPR) is for certain organisations to appoint a designated individual to be the Data Protection Officer (DPO). I have reviewed the requirements in the light of [insert name of organisation]’s activities and this note sets out my conclusions and recommendations and the factors I have taken into account in reaching them.

A brief summary of the GDPR requirements relating to DPOs is attached.

Factors relevant to [insert name of organisation]’s appointment of a DPO

Core activities: [describe the core activities of the organisation, ie the organisation’s primary activities rather than ancillary activities that may involve processing data. Consider, eg whether the organisation is a private entity carrying out a public function in any areas of its work]

Controller or processor: [describe whether the organisation is a controller or a processor in

Related documents:

Popular documents