Officer Role

IT OUTCOMES Find out about how we can help you to meet the new GDPR compliance laws.
Meeting Government Regulations IT OUTCOMES It is ESSENTIAL that you understand the new GDPR laws. Are you Protecting
Customer Data?
IT OUTCOMES Get up to speed with the latest EU directive: the GDPR. GDPR Services
Long term Support
IT OUTCOMES Our award winning services will help you stay within the law. See More...


0330 332 6262  |

What is a GDPR Officer?

One of the major changes introduced with the GDPR is the need for some organisations to have a Data Protection Officer (DPO) appointed.  The DPO is an employee or professional hired externally who is responsible for ensuring their organisation is compliant with GDPR.  The officer has an important role!  As part of their job, they need to:

  • Advise and guide their organisation on the requirements of the GDPR
  • Monitor their organisation’s compliance with the regulations
  • Be available during Data Protection Impact Assessments to provide advice
  • Be the main point of contact for data subjects and for co-operation with national supervisory authorities such as the ICO (information commissioner’s office).

It is also important for the DPO to carry out regular data audits and to oversee the implementation of compliance tools.  They must be able to report to senior management should they need to raise any concerns too.

Does My Business Need a GDPR Officer?

Not all businesses will require a data protection officer.  There are three main criteria around the requirement to appoint a GDPR officer:

  1. Where data processing is carried out by a public authority or body;
  2. Where the main data processing operation is regular, systematic and on a “large scale”;
  3. Where any data processing relates to special categories of data such as those relating to criminal convictions or offenses

The above requirements apply to both controllers and processors of data.

It is important to be clear whether the data processing is a key part of the organisation’s activities, for instance a hospital’s main activity is the provision of health care, which involves patient health records (personal data), so they would certainly require a DPO.  A company processing data for payroll or employment purposes are not collecting data as a main part of their job, so they would not require a DPO.  If you are at all unsure, it is certainly worth taking a look at our GDPR services, where we can advise you on the best course of action to take and whether your organisation would require the DPO to be appointed or not.

Get in touch

At IT Outcomes we love to hear from our customers, whether you are new to Managed IT Services, are looking to change your existing supplier or need advice just call or email and our approachable team.

© Copyright - IT Outcomes | Rights Reserved Company House Registration No (ITO) 09306431

Privacy Preference Center


We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.

Session Cookies, Preference Cookies, Security Cookies
Session Cookies, Preference Cookies, Security Cookies
User Login, Post a Comment