You should appoint a DPO

Next story

A data protection officer, or DPO, is a role introduced by GDPR and is focused on ensuring internal compliance and smooth communication with relevant parties.

The role of a DPO is to report directly to the highest level of management on the following:

  • State of internal compliance
  • Inform and advise on your data protection obligations
  • Provide advice regarding Data Protection Impact Assessments (DPIAs)
  • Act as a point of contact for data subjects and the supervisory authorities

The role was introduced with GDPR and you are required to appoint/hire one if you are a public authority, or if you carry out certain types of processing activities. Although, not required for other organisations it way be worth having one regardless, so that requests can be dealt with in a timely manner.

A DPO can be an existing employee, hired in specifically for the role, or externally appointed. A DPO could fulfil their role for multiple companies at the same time as an external entity.

The ICO has a full article that goes into exhaustive detail about the importance of the role of a DPO, click here for that.


Key responsibilities

  • Act as point of contact with data subjects, supervisory authorities and internal teams
  • Identify and evaluate the company’s data processing activities
  • Provide advice and instructions on how to conduct Data Protection Impact Assessments
  • Monitor data management procedures and compliance within the company
  • Participate in meetings with managers to ensure privacy by design at all levels
  • Maintain records of processing operations
  • Ensure we address all queries from data subjects within legal timeframes
  • Liaise with other organisations that process data on our behalf
  • Write and update detailed guides on data protection policies
  • Perform audits and determine whether we need to alter our procedures
  • Offer consultation on how to deal with privacy breaches
  • Arrange for training on GDPR compliance for employees
  • Follow up with changes in law and issue recommendations to ensure compliance



  • Experience in data protection and legal compliance
  • Work experience in data protection and legal compliance is a plus
  • Solid knowledge of GDPR and national data protection laws
  • Knowledge of data processing operations in the company’s sector is preferrable
  • Familiarity with computer security systems
  • Ability to handle confidential information
  • Ethical, with the ability to remain impartial and report all noncompliances
  • Organizational skills with attention to detail


A full DPO job brief can be found here.

Do you already have a DPO in place? Are you looking to hire one? Let us know on Twitter @ESETUK.