Data Protection Officer (DPO)
The GDPR introduces a duty for organisations to appoint a data protection officer (DPO) if they are a public authority or body, or if they carry out certain types of processing activities.
Tasks of the DPO
The DPO’s tasks are defined in GDPR Article 39 as:
- to inform and advise you and your employees about your obligations to comply with the GDPR and other data protection laws;
- to monitor compliance with the GDPR and other data protection laws, and with your data protection polices, including managing internal data protection activities; raising awareness of data protection issues, training staff and conducting internal audits;
- to advise on, and to monitor, data protection impact assessments;
- to cooperate with the supervisory authority; and
- to be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers etc).
Is the DPO responsible for compliance?
The DPO isn’t personally liable for data protection compliance. As the controller or processor it remains The University's responsibility to comply with the Data Protection Act 2018. Nevertheless, the DPO clearly plays a crucial role in helping the University fulfil its data protection obligations.
The University has appointed a Group Data Protection Officer.
If you require help or guidance, the DPO contact be contacted by email: firstname.lastname@example.org.