This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Current Issue (July 2017)

Volume: 14 Issue: 7



About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

DPL July


The DPO: A puzzle worth solving


Hidden towards the middle of the much talked-about General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), occupying less than two pages, there is a legal measure that is likely to emerge as one of the most influential of the entire new framework. The GDPR is Europe's great white hope to preserve the right to data protection in the 21st century. It contains an array of obligations and rights that are meant to act as a protective shield while enabling the digital economy to prosper. Some of these will be more successful than others in achieving this goal, but judging by the efforts of many organisations to prepare for the new law, the role of the data protection officer (‘DPO’) is seen as the cornerstone in the strategy to achieve the best of all possible worlds: benefiting from the immense value of personal data in a lawful, responsible and sustainable way. And rightly so.

A crucial question that organisations need to answer at the outset is whether they are legally required to appoint a DPO. To help answer this question the GDPR itself sets out the situations where designating a DPO is mandatory, which is a good start. Top of the list is where the processing is carried out by a public authority or body - other than the courts - and another obvious situation is where the core activities of the organisation involve the processing on a large scale of sensitive or criminal data. However, the bulk of cases demanding a DPO are likely to fall where as part of the essential business activities, individuals are monitored - meaning followed or digitally tracked - on a systematic basis. In today’s digital age, this will capture many, many cases. As a rule of thumb, if you are a consumer-oriented business with a credible digital presence, the chances are that this obligation will affect you.

Read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
E-Law Alerts
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed