The ICO's "Overview of the GDPR" document is clear on what the roles and functions are. In my role as Head of IG for a large NHS Trust we've agreed that I will take on this role. Any escalation issues would be directed through me to the SIRO.
"WHEN DOES A DATA PROTECTION OFFICER NEED TO BE APPOINTED UNDER THE GDPR?
Under the GDPR, you must appoint a data protection officer (DPO) if you:
- are a public authority (except for courts acting in their judicial capacity);
- carry out large scale systematic monitoring of individuals (for example, online behaviour tracking);
or
- carry out large scale processing of special categories of data or data relating to criminal convictions and offences.
You may appoint a single data protection officer to act for a group of companies or for a group of public authorities, taking into account their structure and size.
Any organisation is able to appoint a DPO. Regardless of whether the GDPR obliges you to appoint a DPO, you must ensure that your organisation has sufficient staff and skills to discharge your obligations under the GDPR.
WHAT ARE THE TASKS OF THE DPO?
The DPO's minimum tasks are defined in Article 39:
- To inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws.
- To monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advise on data protection impact assessments; train staff and conduct internal audits.
- To be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers etc)."
Kind regards,
Andrew.
Andrew Harvey
Head of Information Governance
Western Sussex Hospitals NHS Foundation Trust
Worthing Hospital, Lyndhurst Road, Worthing, BN11 2DH
Tel 01903 205111 x84508
Mob 07900 736922
www.westernsussexhospitals.nhs.uk
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Ibrahim Hasan
Sent: 20 October 2016 10:29
To: [log in to unmask]
Subject: [data-protection] DPOs under GDPR
New blog post
GDPR will require many data controllers to appoint a data protection officer. But who and how?
https://actnowtraining.wordpress.com/2016/10/19/dpo-or-not-to-dpo/
Ibrahim Hasan
Solicitor and Director
Act Now Training Limited
www.actnow.org.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^