Data protection officer

Copyright © 2025 LexisNexis

Under the UK General Data Protection Regulation (UK GDPR), certain organisations are required to appoint an individual to act as their data protection officer (DPO). Others may choose to appoint a DPO on a voluntary basis. In either case, the organisation will need to consider who should be the DPO, what the DPO’s duties will be and what the organisation’s obligations are in relation to the DPO.

For information on the circumstances where the UK GDPR requires you to appoint a DPO, see Practice Note: Data protection officer and DPO appointment decision tree.

Voluntary DPOs

You should consider whether to appoint a DPO even where you are not required to under the UK GDPR. Guidelines on DPOs published by the Article 29 Data Protection Working Party and subsequently endorsed by the European Data Protection Board (EDPB) (EDPB guidance) and the Information Commissioner’s Office (ICO) guidance encourage voluntary appointment of a DPO, but with an important caveat—it doesn’t matter whether your DPO’s appointment is voluntary or mandatory, if your organisation has a DPO, all the requirements of the UK GDPR relating to DPOs apply—see Practice Note: To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Risk & Compliance News

Ex-Luxury perfume boss denies violating Russian sanctions

Law360, London: The former boss of a luxury perfume group has denied breaching his duties by violating Russian sanctions, saying the company was aware of its ongoing business in Russia and the claim is a 'contrivance' to justify his removal as chief executive.

Risk & Compliance weekly highlights—23 October 2025

This week's edition of Risk and Compliance weekly highlights includes our latest Risk & Compliance forecast, EDPB’s opinions on extending the UK’s data adequacy decisions, new OFSI general licences, the UN’s reimposed Iran sanctions, and HM Treasury’s confirmation of the FCA as the new Single Professional Services Supervisor.

FCA to take reins of AML regulation from SRA

Law360, London: The government said on 21 October 2025 that the Financial Conduct Authority (FCA) will become the sole regulator of anti-money laundering (AML) and counter-terrorism financing (CTF) for professional services providers, slashing the supervisory role of the Solicitors Regulation Authority (SRA) and other industry regulators.

UK Government sanctions gangs and financiers in people-smuggling crackdown

The UK Government has imposed sanctions on criminal networks facilitating people-smuggling through Western Balkans routes, targeting 13 individuals and entities under the Global Irregular Migration Sanctions Regime. The measures include asset freezes and travel bans against the Kosovo-based Krasniqi forgery network, Croatian gang leader Nusret Seferović, and the ALPA Trading financial network. This represents the second sanctions package since the regime launched, with the government also announcing £10m investment to combat people-smuggling across the region.

View Risk & Compliance by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of caseA strike out order can be made either following an application by the parties or on the court's own initiative. This Practice Note deals with the scenario of the order being made following a party's application.Making an application

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a
Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of caseA strike out order can be made either following an application by the parties or on the court's own initiative. This Practice Note deals with the scenario of the order being made following a party's application.Making an application

Contributory negligence in personal injury claims

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a