Although companies are not obliged to appoint a Data Protection Officer before May 2018, we are often asked to already provide Data Protection Officer services now – to help with GDPR implementation. So we started offering ‘ early Data Protection Officer appointment ‘.
Early Data Protection Officer appointment means that your appointed Data Protection Officer is not a statutory but rather an in-house function like any other officer that you appoint in your company. However, such a Data Protection Officer would be expected to monitor data protection compliance and offer support in the privacy field in a way similar to a GDPR Data Protection Officer.
Monitoring step-by-step GDPR implementation
That said, an early-appointed Data Protection Officer would primarily monitor step-by-step implementation of GDPR rules in the company, and provide advice and support in that regard. Early Data Protection Officer appointment can also help provide the necessary data protection training that is not generic but tailored to the needs and policies of your company.
Advise, monitor, communicate
Data Protection Officer GDPR task to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to GDPR and to other Union or Member State data protection provisions will before 25th May 2018 be focused on adapting policies and processes to the new rules. Similarly, monitoring compliance with the same three sets of obligations and with the policies of the controller or the processor itself will focus on GDPR-readiness and gap analysis.
The early appointed Data Protection Officer might already be the best person in the company to communicate with the national supervisory authority i.e. the ICO in the UK or the IOC in the Republic of Ireland, as foreseen by GDPR. However, keep in mind this role might require express power of attorney.