DPO Services

It is widely thought that the new EU Regulations due in 2014 will require companies with over 250 employees or 5000 records of personal data to have a Data Protection Officer.

Under the new EU Regulations (General Data Protection Regulation), public authorities and companies which process significant volumes of personal data and/or sensitive personal data (e.g. health and wellbeing, ethnic origin, trade union membership etc) must have a DPO appointed to their business. However, this does not necessarily mean a full-time employee. The role of the DPO is no longer independent and advisory and positioned at a Senior manager/board level, not at administrator level.

The role of the DPO, although protected, should be reflective of the companies needs. The DPO does not need to be an employee of the company or even a full time role. Due to the conditions of employment under the new regulations many companies will opt to engage the services of a qualified consultant, as provided by CLF Consulting

These duties may include all or some of the following, all of which CLF Consulting can support you with:

  • Notification administration
  • Processing requests for personal data
  • Induction and on-going training
  • Liaising with the ICO in the event of a breach
  • Policy & Procedure review and/or writing
  • Advice and guidance on specific issues, risks or concerns
  • Third Party Processing selection and contractual guidance
  • DPO training and mentoring