The GDPR has effectively rewritten the Data Protection Directive, the mainstay of the current data protection regime. From May 2018, the GDPR will have a significant effect on your responsibilities when storing data and the uses you can put data to. All businesses are affected, particularly where they use customer details for marketing purposes or exchange them with other businesses in any way. Failure to get this right can result in fines, or worse.
In this, the ninth article in our series covering this significant change to the law, we look in more detail at the requirement for a Data Protection Officer (DPO).
What is a DPO?
A DPO is an officer or employee within an organisation who is an advocate for the proper care, use and destruction of customer data. The DPO is responsible for:
Whilst it is not a new role, it becomes much more important under the GDPR.
Am I required to appoint one?
That is tricky to answer. Under the GDPR you must appoint a DPO only if you:
However, different countries in Europe have defined ‘large scale systematic monitoring’ and ‘large-scale processing’ differently. In the UK the Data Protection Bill currently requires all data controllers to appoint a DPO unless they are a court or a judicial authority acting in its judicial capacity.
Until we get a final draft of the proposed wording, the UK position remains subject to change. However, currently you will need to appoint a DPO.
Who can be DPO?
This does not have to be a new position. You can also appoint an external contractor should you wish. What the GDPR does state is that, whilst the DPO can have other duties within the company, there cannot be a conflict of interests between the roles.
The Article 29 Working Party, which is an advisory body, has provided some guidance:
“As a rule of thumb, conflicting positions within the organisation may include senior management positions (such as chief executive, chief operating officer, chief financial officer, chief medical officer, head of marketing department, head of Human Resources or head of IT departments) but also other roles lower down in the organisational structure if such positions or roles lead to the determination of purposes and means of processing.”
A DPO is a useful position in that it provides an advocate and focus. Whilst the requirement to have a DPO may change, it is likely that any organisation will require a data controller. Consideration should be given to the role in the coming weeks and months.
The above is a very broad overview of one aspect of the GDPR. The legislation and guidance are still developing in the weeks and months in the run-up to their implementation. This advice is general in nature and we will endeavour to keep you informed through regular articles and case studies.
Remember, as an RMI member you have access to the RMI legal advice line, as well as a number of industry experts for your assistance. Should you require further information in respect of the article above, contact the legal advice line at any stage for advice and assistance as appropriate.
Motor Industry Legal Services
Motor Industry Legal Services (MILS Solicitors) provides fully comprehensive legal advice and representation to UK motor retailers for one annual fee. It is the only law firm in the UK which specialises in motor law and motor trade law. MILS currently advises over 1,000 individual businesses within the sector as well as the Retail Motor Industry Federation (RMI) and its members.