All organisations are now required to fulfil a wide set of obligations in this area, from setting and applying policies, to monitoring compliance and breach reporting, training and auditing.
You may be obliged under the Data Protection Act to appoint a Data Protection Officer, or DPO. Indeed, all organisations must ensure that they have sufficient staff, skills and appropriate reporting structures in place to meet their obligations under the GDPR.
It’s essential that a DPO has a level of independence and authority with regard to the organisation. It’s also very important to establish that a DPO has the appropriate skill levels, training and ability to access the information they require.
Oyster IMS offers a range of services to support internal data protection and privacy initiatives, from arms-length support to a full outsourced Data Protection Officer managed service.
To see how this service can support your organisation’s privacy responsibilities, download your DPO as a managed service brochure.