The Role of the Data Protection Officer (DPO)

About the Project

The data protection officer (DPO) has assumed an essential role in delivering privacy compliance and has become a critical component of an organisation's privacy management program. Increasingly new and proposed privacy laws and regulations are impacting that role, including the new EU General Data Protection Regulation. Companies must recognise the challenges and opportunities presented and explore how to respond. In 2013, CIPL launched a project to explore  the role of the DPO.

The project will examine:
  • The extent of current regulatory obligations for the appointment and role of DPO in privacy laws;
  • Comparative obligations in analogous legislation and the impact on behaviour in organisations;
  • The proposed changes to DPO role under the Draft EU Data Protection Regulation;
  • The potential impact of such proposals on existing corporate practices, patterns of internal control and management of privacy, with a focus on the current role of chief privacy officer; and
  • The pros and cons of appointing a DPO with responsibility for internal controls and external reporting and recommendations for dealing with the challenges and opportunities presented by the changed role.

Click here for the Project Summary Document.