undefined | Better HN

0 pointsrrwo3y ago0 comments

You don't need to hire a separate person as DOO. It's recommended but not mandatory.

0 comments

Every single official guidance on GDPR that I have seen, such as https://ico.org.uk/for-organisations/guide-to-dp/guide-to-th..., states that I would have conflict of interest serving as DPO because "Basically this means the DPO cannot hold a position within your organization that leads him or her to determine the purposes and the means of the processing of personal data."

The same document specifically points out that as I head marketing, I cannot also the the DPO.

rrwoOP3y ago

It is recommended, not mandatory. You are a single person company.

Do you think every family run corner shop or plumber or painter in the EU has hired a DPO? No.

ensignavenger3y ago

I have seen nothing that says it is recommended and not mandatory- do you have a source?

rrwoOP3y ago

Your own link did, but now the page returns a 404 error.

However, see https://ico.org.uk/for-organisations/guide-to-data-protectio...

> Under the UK GDPR, you must appoint a DPO if:

> - you are a public authority or body (except for courts acting in their judicial capacity);

> - your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or

> - your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.

1 more reply

j / k navigate · click thread line to collapse

0 comments

ensignavenger3y ago

The same document specifically points out that as I head marketing, I cannot also the the DPO.

rrwoOP3y ago

It is recommended, not mandatory. You are a single person company.

Do you think every family run corner shop or plumber or painter in the EU has hired a DPO? No.

ensignavenger3y ago

I have seen nothing that says it is recommended and not mandatory- do you have a source?

rrwoOP3y ago

Your own link did, but now the page returns a 404 error.

However, see https://ico.org.uk/for-organisations/guide-to-data-protectio...

> Under the UK GDPR, you must appoint a DPO if:

> - you are a public authority or body (except for courts acting in their judicial capacity);

> - your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or

> - your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.

1 more reply

j / k navigate · click thread line to collapse