Getting to Know the DPO and How to Adapt Corporate Structure to Comply With GDPR Requirements for the Role

The GDPR, which takes effect May 25, 2018, introduces the statutory position of the data protection officer (DPO), which will be a key role in ensuring compliance with the regulation. But where and how does this position function within the company? Many organizations preparing for compliance are focused on answering these questions. While the position is not novel, the GDPR introduces new requirements. We spoke with experienced DPOs and counsel from around the world to clarify and shed light on the GDPR provisions and recent Article 29 Working Party guidelines relevant to the DPO role. The first article in our two-part series on the topic examined when appointing a DPO will be mandatory, how to select a DPO and the requisite skillsets and responsibilities of the role, including the difference between the DPO and other privacy compliance roles. Part two covered how the DPO best fits in the corporate structure, how to manage the budget for this role and steps companies can proactively take to ensure they are prepared to comply with the GDPR’s DPO requirements. See also “Navigating the Early Months of Privacy Shield Certification Amidst Uncertainty” (Nov. 2, 2016).

To read the full article

Continue reading your article with a CSLR subscription.