The conditions for appointing a Data Protection Officer (DPO) can be confusing for many charities. Under the legislation it is mandatory for an organisation to appoint a DPO if it is a public authority or body, and if its core activities involve large data processing operations that require regular and systemic monitoring of data subjects. These conditions do not necessarily exempt small businesses or charities from appointing a Data Protection Officer, and the ICO advises that all organisations appoint one to ensure compliance with the law.
What is the role of a data protection officer?
A Data Protection Officer is an independent expert who is responsible for monitoring an organisation’s compliance with GDPR. The responsibilities of a DPO cover the following:
1. Inform and advise on data protection obligations under GDPR.
2. Monitor compliance with GDPR and conduct regular security audits.
3. Educate company staff on compliance and train data handling staff.
4. Act as a point of contact between the supervisory authority and the organisation, particularly in the event of a data breach.
Considering the scope of activities within charities that involve the handling of personal data, appointing a Data Protection Officer is of paramount importance. A DPO would help your charity to make sure that activities such as fundraising, marketing, campaigning and managing volunteers are compliant with GDPR requirements. Failure to comply with GDPR can result in hefty fines and, as such, it is advisable for charities to hire an internal member of staff or outsource the role. For most companies it will be essential to hire a full-time Data Protection Officer, but for smaller charities the services of a DPO may only be necessary on a periodic basis. In this case, the role can be outsourced to a third party who would carry out the responsibilities and represent the charity on all data protection obligations or inquiries.
At Kazient we provide outsourced Data Protection services for various organisations. A non-European bank recently sought our help on GDPR compliance during its recruitment process for European applicants. Using our expert opinion, we were able to provide tailored guidance on the most practical and efficient route to compliance. All organisations that deal with personal data in any form need technical competence to understand GDPR and would therefore benefit from having a Data Protection Officer.
Our data protection consultants are available to act as DPO for your charity. If you would like to discuss this, or would like additional advice on how to get your organisation GDPR compliant, email firstname.lastname@example.org