
Data Protection Officer

The GDPR has effectively rewritten the Data Protection Directive, the mainstay of the current data protection regime. From May 2018, the GDPR will have a significant effect on your responsibilities when storing data and the uses you can put data to. All businesses are affected, particularly where they use customer details for marketing purposes or exchange them with other businesses in any way. Failure to get this right can result in fines, or worse.

In this, the ninth in our series covering this significant change to the law, we look in more detail at the requirement for a Data Protection Officer.

What is a DPO?

A DPO is an officer or employee within an organisation who is an advocate for the proper care, use and destruction of customer data. The DPO is responsible for:

  • informing and advising the organisation of their obligations;
  • carrying out any Data Protection Impact Assessments and monitoring the organisation’s compliance;
  • liaising with the Information Commissioner and reporting any breaches.

Whilst it is not a new role, it becomes much more important under the GDPR.

Am I required to appoint one?

That is tricky to answer. Under the GDPR you must appoint a DPO only if you:

  • are a public authority (except for courts acting in their judicial capacity);
  • carry out large scale systematic monitoring of individuals (for example, online behaviour tracking); or
  • carry out large scale processing of special categories of data or data relating to criminal convictions and offences.

However, different countries in Europe have defined ‘large scale systematic monitoring’ and ‘large-scale processing’ differently. In the UK the Data Protection Bill currently requires all data controllers to appoint a DPO unless they are a court or a judicial authority acting in its judicial capacity.

Until we get a final draft of the proposed wording, the UK position remains subject to change. However, currently you will need to appoint a DPO.

Who can be DPO?

This does not have to be a new position. You can also appoint an external contractor should you wish. What the GDPR does state is that, whilst the DPO can have other duties within the company, there cannot be a conflict of interests between the roles.

The Article 29 Working Party, which is an advisory body, has provided some guidance:

“As a rule of thumb, conflicting positions within the organisation may include senior management positions (such as chief executive, chief operating officer, chief financial officer, chief medical officer, head of marketing department, head of Human Resources or head of IT departments) but also other roles lower down in the organisational structure if such positions or roles lead to the determination of purposes and means of processing.”

A DPO is a useful position in that it provides an advocate and focus. Whilst the requirement to have a DPO may change, it is likely that any organisation will require a data controller. Consideration should be given to the role in the coming weeks and months.

Further details can be found at


The above is a very broad overview of one aspect of the GDPR. The legislation and guidance are still developing in the weeks and months in the run-up to their implementation. This advice is general in nature and we will endeavour to keep you informed through regular articles and case studies.

Remember, as an RMI member you have access to the RMI legal advice line, as well as a number of industry experts for your assistance. Should you require further information in respect of the article above, contact the legal advice line at any stage for advice and assistance as appropriate.

Motor Industry Legal Services

Motor Industry Legal Services (MILS Solicitors) provides fully comprehensive legal advice and representation to UK motor retailers for one annual fee. It is the only law firm in the UK which specialises in motor law and motor trade law. MILS currently advises over 1,000 individual businesses within the sector as well as the Retail Motor Industry Federation (RMI) and its members.

Posted by Sue Robinson on 16/03/2018