The Business Magazine - B2B Business News - Site Logo
The Business Magazine March 2024
Read now
PICK YOUR EDITION
Sponsored Content

BPE Solicitors consider if changes could mean the death of the data protection officer?

Sponsored by
Share
The Business Magazine article image for: BPE Solicitors consider if changes could mean the death of the data protection officer?

Iain Garfield, Partner and Head of Commercial at BPE Solicitors, looks at the proposed changes to the role of data protection officers and what impact the government’s consultation might have on businesses.

Just when businesses were starting to get the hang of complying with the UK GDPR and the Data Protection Act 2018, the UK Government issues a new consultation on changing parts of the current legislation. Ignoring the fact that changing the law will result in the UK diverging from the rest of the European Union, thus potentially putting at risk the current ability to seamlessly transfer data from the EU into the UK, there are nevertheless a number of interesting proposals in the consultation paper.

One of the more interesting is the proposal to remove the requirement for certain businesses to appoint data protection officers.

Under articles 37 to 39 of the UK GDPR, the following types of organisations are required to appoint a data protection officer:

  • All public authorities
  • Any business whose ‘core activities’ consist of “processing operations which require regular and systematic monitoring of data subjects to a large scale
  • Any business whose ‘core activities’ consist of “processing special categories of data and personal data relating to criminal convictions and offences on a large scale

Other businesses are entitled to appoint data protection officers if they wish, but it is not mandatory.

A data protection officer can be an individual employee, or it can be an outsourced service provider, but in either case the officer must have “expert knowledge of data protection law and practices”. In addition, the officer must:

  • Be responsible for advising the business on its data protection obligations.
  • Be involved (properly and in a timely manner) in all business issues relating to personal data.
  • Be given by the business all necessary resources to carry out its responsibilities and duties (including staying up-to-date with changes in data protection law).
  • Monitor the business’s compliance with data protection law (including ensuring the business provides adequate training for its staff).
  • Be free to carry out its responsibilities and duties without instruction or interference from the business.
  • Not be dismissed, removed or penalised in any way as a result of carrying out its responsibilities and duties.
  • Report directly to the highest level of management within the business.
  • Not carry out any other tasks for the business that would conflict with, or prevent it from carrying out, its responsibilities and duties as data protection officer.
  • Be the business’s liaison with the Information Commissioner’s Office.

The Government recognises that some businesses may struggle to appoint an officer with the requisite skills, and who is sufficiently independent. As a result, if the proposed new laws are adopted, businesses will not have to appoint data protection officers any longer.

Instead, each business will be expected to designate one or more “responsible individual(s)”. But is this simply a data protection officer by another name?

Maybe.

Whilst those individuals would still be expected to oversee that business’s data protection compliance, it would be for the business to decide what skills, experience and qualifications those individuals should have. Each business would have more freedom in how it instructed those individuals to carry out their tasks but, most noticeably, the phrase “responsible individual(s)” seems to suggest that outsourcing responsibility to external consultancies would not be acceptable.

Therefore, reports of the death of data protection officers may be somewhat premature and, even if the Government’s proposals do find their way into law in the future, there is unlikely to be a significant change insofar as businesses still needing to ensure that one or more individuals are tasked with ensuring compliance with the law. Same job, different job title?

The consultation period is due to end in mid-November, and the industry looks forward to reading the Government’s response whenever it is published thereafter.

Iain Garfield-BPE_Head-shots1643For more information on your requirements in relation to GDPR and data protection officers within your organisation, contact Iain Garfield at [email protected]  or call 01242 248246

 

 

www.bpe.co.uk

Twitter @BPE_Solicitors 

LinkedIn: BPE Solicitors LLP

BPE MPU


Related topics

Related articles

Latest Deal Ticket

view more
Padel centre operator PadelStars (Hampshire)
has received investment from
Golf and leisure operator Dwellcourt Group (Surrey)
April 2024
UNDISCLOSED
Who's behind the deal?

Upcoming events

view more
01
May

South Coast Property Forum: Networking Lunch

Ennios Ristorante
Southampton
More info
23
May

Thames Valley Tech Forum: Networking Drinks

Malmaison Hotel
Reading, RG1 1JX
More info
06
Jun

South Coast Property Awards 2024

Hilton Southampton
Utilita Bowl
More info
12
Jun

Leadership Roundtable: Developing strategies for financial returns over the next decade

Herrington Carmichael, Farnborough Aerospace Centre, GU14 6XR

More info
18
Jul

Thames Valley Tech & Innovation Awards 2024

Reading FC Conference & Events
Select Car Leasing Stadium, Reading
More info
26
Sep

Thames Valley Property Awards 2024

Ascot Pavilion
Ascot Racecourse
More info
03
Oct

South Coast Tech & Innovation Awards 2024

Hilton Southampton
Utilita Bowl
More info
07
Nov

Thames Valley Deals Awards 2024

Reading FC Conference & Events
Select Car Leasing Stadium, Reading
More info
21
Nov

Hampshire Business Awards 2024

Farnborough International
Exhibition & Conference Centre
More info

Related articles

The Business Magazine Group Limited © Copyright 2024. All Rights Reserved.
South West & Midlands
South East