Skip to main content
Beauchamps Close
Back

  • B-Connect
  • About us
    • About Beauchamps
    • Client service
    • Core values
    • Corporate social responsibility
    • History
    • Knowledge management
    • Partnerships
  • Our People
  • Our services

    Practice Areas

    • Banking & Finance
    • Commercial Real Estate
    • EU, Competition & Procurement
    • Construction
    • Corporate & Commercial
    • Corporate Governance & Company Compliance
    • Employment & Benefits
    • Energy & Natural Resources
    • Inward Investment
    • Technology & Intellectual Property
    • Litigation & Dispute Resolution
    • Mergers & Acquisitions
    • Planning & Environmental
    • Private Client & Family Law
    • Insurance & Professional Indemnity
    • Public & Regulatory
    • Insolvency & Corporate Restructuring
    • Medical Negligence and Personal Injury*

    Sectors

    • Charities & Not For Profit
    • Energy & Natural Resources
    • Financial Services
    • Healthcare
    • Real Estate
    • Retail
    • Sport
    • Technology & Communications
    • Brexit
    • Food & Agri
    • Housing
    • Family Business
    View All Services
  • What's new
    • Beauchamps - proud sponsor of and official legal adviser to Leinster Rugby
    • Brexit Update
    • Doing business in Ireland
    • General Data Protection Regulation
    • The Companies Act 2014
    • Covid-19 Updates
  • Careers
    • Why join Beauchamps?
    • Current opportunities
    • Lawyers
    • Business services
    • Intern & trainee programmes
Contact Search
Search Menu
Beauchamps
Search Menu
What's new

What is the role of the Data Protection Officer under the General Data Protection Regulation?

19 Dec 2017

Breadcrumb

  1. Home
  2. What's new
  3. Publication

Share

A key obligation under the General Data Protection Regulation (the GDPR) is that that some data controllers and processors must appoint a Data Protection Officer (DPO).

Irish businesses must be fully compliant with the GDPR by 25 May 2018. 

Do I need to appoint a DPO?

Businesses will need to decide if they need to appoint a DPO.  The following entities must appoint a DPO:

  • public authorities

  • businesses that engage in large scale regular and systematic monitoring of individuals and
  • businesses that engage in large scale processing of special categories of personal data (see glossary) or data relating to criminal convictions / offences

Even if the GDPR does not require the appointment of a DPO, some businesses may appoint a DPO on a voluntary basis.  The GDPR rules relating to DPOs apply whether the appointment is voluntary or mandatory.  Where a business is not required to appoint a DPO and tasks a person with responsibility for GDPR compliance, care should be taken to ensure that that person is not deemed to be a DPO, as this will give rise to the additional GDPR obligations.

As stated above, all public authorities must appoint a DPO and it is possible for a single DPO to be designated for several public authorities, taking account of their organisational structure and size.  It is also possible for a single DPO to represent a number of private businesses.

In Guidelines adopted on 13 December 2016 and revised on 5 April 2017, the Article 29 Working Party (Working Party) recommends that unless it is clear that a controller or processor is not required to designate a DPO, then controllers and processors should document the internal analysis carried out to determine whether or not a DPO is to be appointed in order to be able to demonstrate that the relevant factors have been taken into account properly.

What is the role of the DPO under the GDPR?

The role of a DPO is to advise the business (be it a controller or processor) on its obligations under, and to monitor compliance with, the GDPR. They will also cooperate with and act as a contact point for the Data Protection Authority. They should report to the highest management of the business, be independent and can fulfil other tasks as long as there is no conflict of interests. They should have expert knowledge of data protection law and practices. The DPO may be a member of staff or it may be outsourced.  Whoever the person is, the DPO must receive sufficient resources (ranging from financial to infrastructure and staff) in order to carry out its tasks. 

The DPO must be involved in all issues which relate to the protection of personal data within the business, in particular by organising training and establishing a network of persons who are aware of the data protection issues within the organisation.  They are also bound by confidentiality.

DPOs are also the contact point for individuals within or outside the organisation with regard to all issues relating to the processing of their personal data and to the exercise of their rights under the GDPR.

Businesses must not interfere with the DPO and they cannot penalise or dismiss the DPO in relation to the performance of his / her tasks. It is an offence for a business not to appoint a DPO where they are obliged to do so and they may be subject to fines.

Further guidance on the GDPR

We have examined the key provisions of the GDPR and the key steps organisations need to take to ensure compliance with the GDPR by the deadline, and created a helpful guidance to support businesses in their preparations for its impact. View our dedicated GDPR page.

About the author

Emer Moriarty Crowley

Partner

About Emer

Emer is a partner in our corporate & commercial team. Emer has extensive experience working with both Irish organisations and international businesses across all sectors.

Emer specialises in cross border mergers and reorganisations, foreign direct investment, corporate restructurings and business transformation, mergers, acquisitions and disposals, general corporate law and corporate governance and compliance.

Beauchamps

Related Services

Practice Areas

    Data Protection & Freedom of Information
    Public & Regulatory
    Technology & Intellectual Property

Sectors

    Technology & Communications
    Retail
    Real Estate
    Charities & Not For Profit
    Energy & Natural Resources
    Financial Services
    Healthcare
    Food & Agri
    Housing
Beauchamps

Our Location

Riverside Two

Sir John Rogerson's Quay

Dublin 2, D02 KV60

Ireland, DX No. 63

General Enquiries

T: +353 (0) 1 418 0600

F: + 353 (0) 1 418 0699

E: info@beauchamps.ie

  • Cookie Policy
  • Disclaimer
  • Accessibility
  • Sitemap
  • Contact
  • Privacy
© 2023 Beauchamps LLP