From May 2018 the General Data Protection Regulation (“GDPR”) will apply to all UK based organisations. One of the key changes to data protection law is the introduction of a requirement to appoint a Data Protection Officer where the core activities of the controller or processor consist of processing on a large scale of special categories of data which we know as “sensitive” data under the Data Protection Act 1998.
If we get this wrong it is serious stuff. An organisation which either intentionally or negligently fails to designate a Data Protection Officer or does not ensure the conditions for fulfilling the DPO tasks are open to an administrative fine of up to 10,000,000 euros or 2% annual worldwide turnover whichever is greater. Read more … Introducing the role of Data Protection Officer