FEATURE14 July 2017

Do you need a data protection officer?

x Sponsored content on Research Live and in Impact magazine is editorially independent.
Find out more about advertising and sponsorship.

Data analytics Features GDPR Impact Legal Privacy

For some, it will soon be compulsory to appoint a data protection officer. Dr Michelle Goddard looks at which organisations will need to fill this post


As the May 2018 deadline for enforcement of the General Data Protection Regulation (GDPR) approaches, researchers need to think carefully about the actions required to ensure they are on the right compliance track. The GDPR contains some familiar data protection principles, but also introduces concepts that are relatively novel in the UK. 

One of these is the compulsory appointment of a data protection officer (DPO) in specific circumstances. In Germany, DPOs are a core feature of the data protection framework, advising on compliance and acting as a contact for the data protection authority and data subjects. With the enforcement of the GDPR, this position will become more familiar across the EU.

Here are some points to consider in deciding whether, how and when you may need to appoint a DPO. 

Who needs a DPO?

The GDPR obligation applies to all organisations handling personal data (both data controllers and data processors) and the essential test is whether your ...