In this the second of a series of linked articles about Data Protection Officers (DPOs) under the General Data Protection Regulation (GDPR), we make a detailed examination into the question surrounding whether to appoint a Data Protection Officer.
In this investigation, we look at the complicated criteria applying to businesses, along with the more straightforward situation relating to organisations delivering UK public services. To ensure our analysis is relevant for each audience, we have segmented our findings into two separate sections:
Appointing a DPO for Businesses – applies to commercial organisations operating in the UK (or from anywhere in the world), which process personal data about EU citizens.
DPOs and UK Public Services – applies to public authorities and bodies operating in the UK, which process personal data about EU citizens. Commercial organisations carrying out a public service under contract are also covered in this section.