GDPR compliance – why you should appoint tlam to be your Data Protection Officer

There is a lot of preparation to be done before the GDPR Data Protection Laws come into force on May 25th. Amongst other things you have to document every process which you do which involves personal data, identify all of the types of data, the legal basis for holding it, how long you retain it for and document the measures you take to make it secure, you have to write Privacy Notices, have Processor agreements and lots more…

There is something else you have to do… you have to evaluate and document your reasons for deciding whether or not you need a Data Protection Officer, and the chances are that you will need one….

And the Data Protection Officer has to have particular skills and attributes and a particular position in your organisation:

  • They have to be invited to participate regularly in meetings of senior and middle management and their opinions on data protection given due weight
  • They must be given the time, resources and training required to carry out their tasks and maintain their expert knowledge
  • They must be able to perform their duties in an independent manner and cannot be instructed
  • There can be no conflict of interest so they cannot hold a position in your organisation which leads them to determine the purposes and means of processing personal data (so they cannot be a member of your senior team)
  • They cannot be dismissed or penalised for performing their tasks and this includes absence or delay in promotion or other benefits as well as dismissal
  • Data protection compliance is a corporate responsibility of the data controller not of the DPO

So this is a very difficult appointment to make

But help is at hand –

The Article 29 Working Party Guidelines on Data Protection Officers (“DPOs”) outlines how the function of the DPO can “be exercised on the basis of a service contract concluded with an individual or organisation outside the controller’s/processor’s organisation”

WP29 states that in such an arrangement “individual skills and strengths can be combined so that several individuals, working in a team, may more effectively serve their clients

We at tlam agree

The Working Party recommends that in this case there is a clear allocation of tasks within the DPO team with a lead contact and person in charge assigned to each client.

We at tlam agree

We believe that we already have a good understanding of your business from our experience of working for Law Firms so let us work with you and take away the headache of appointing a suitable DPO when we can do this role for you effectively and in a much more cost-effective way

Leave a Reply

Your email address will not be published. Required fields are marked *