Many organisations have already recognised the need to appoint specialist personnel to ensure they are meeting their obligations in relation to the protection of personal data. For example, the General Data Protection Regulation (GDPR) requires many types of organisations to appoint a Data Protection Officer (DPO) to ensure effective and appropriate internal measures. There are many ways to access DPO services. Some organisations have opted to engage an outsourced DPO, while others have committed internal staff. However, there is another, hybrid approach for organisations that have a DPO on staff and:
- Need help digging deep into a specific issue that poses significant risks and warrants more in-depth research than an internal DPO can accomplish, whether because of time or specialised knowledge.
- Simply cannot keep up with the volume of enquiries or issues, and they need some level of assistance for peak level responses.
- Need to have a broader practitioner’s view to take advantage of emerging best practices.
- Have a DPO who is newly qualified and could benefit from additional support as they become more experienced.
- Do not have the resources to keep current with the fast pace of new guidance and opinions related to the GDPR, national legislation, and legal test cases.
- Face situations where there is a high potential for risk, and the DPO may wish to seek a second opinion.
To support these organisations, Trilateral has launched a new service called DPO Assist, providing assistance in complex or specialist situations or additional support where required to improve compliance.
Who could benefit?
Organisations that have already begun their data protection compliance journey or who have already achieved some compliance maturity would benefit most from this service. For example, an organisation that has already implemented the following would benefit most:
- Identified key individuals responsible for data protection
- Gained some experience and expertise in data protection compliance
- Developed some documentation to support accountability and demonstrate compliance
- Developed some policies to guide data protection requirements and procedures
How can DPO assist be used?
DPO Assist works best when it is offering additional support for organisations with some compliance experience. For example, the DPO Assist service could be used to augment internal expertise. This could be relevant where the organisation encounters specialist issues that require in-depth research or where new guidance emerges that could impact their business functions.
DPO Assist could also be used to support internal data protection staff when new products or practices are likely to introduce additional risks. For example, where an organisation is developing a new service based on the processing of personal data or where they are planning to process data in new ways. In this scenario, DPO Assist could be used to provide data protection-by-design and -default advice.
DPO Assist could also be used to support accountability and provide relief for internal data protection staff. For example, the DPO Assist service could be tasked with organising a stress test, compliance audit or training activities, allowing internal data protection staff to focus on operational issues or other responsibilities. In the case of DPIAs, a DPO Assist service could be particularly useful as DPOs are not responsible for carrying out DPIAs, but they must supervise their implementation.
DPO assist services can enable organisations to augment their internal expertise, augment their resources, learn from others and ensure their operations are based on the most recent guidance from across Europe.
For more information contact our team.