The role and function of a data protection officer (DPO) are evolving and will underpin data protection compliance under the proposed European General Data Protection Regulation.
Recognizing the critical importance of the DPO function and oversight as a prerequisite for data privacy corporate accountability, many organizations have invested strategically in developing a DPO function, but little is known about how existing DPOs envisage their current role being impacted by, and changing under, the GDPR. As part of our project to explore the changing role of a DPO, we surveyed 43 practicing DPOs from a range of industry sectors and a variety of geographical locations about their role and function.
This paper summarizes the insights we have drawn from the survey.
The survey results identify the need for consensus amongst all stakeholders – businesses, public authorities, regulators, and data subjects – to build a shared vision of the role and the function of the DPO. If that is not possible, then there should be acceptance of the fact that the role and function of the DPO can legitimately take many guises. In light of a more harmonized approach to data privacy regulation and compliance across the EU, it is critical to ensure consistency of regulator expectations and the consistent interpretation of the formal requirements of the DPO role.