Any company with more than 250 staff which processes personal data must have a Data Protection Officer (DPO) in order to comply with the General Data Protection Regulation (GDPR), which becomes enforceable by law on May 25 2018.
The issue for companies that need to fulfill this requirement is that there is a shortage of suitably qualified data protection specialists. In a perfect world, businesses should employ people who have experience in data protection. However, they may need to move an internal member of staff into a DPO role instead.
Data Protection Officer Training Requirements
Although GDPR does not state what experience and expertise a DPO must have, it is expected that anyone filling the role should be able to develop and strategise a data protection system and should have a wide-ranging knowledge of GDPR.
The CEO of the business is charged with ensuring that the DPO appointed has all of the necessary knowledge required for the role. If the candidate requires further training, this needs to be completed prior to the May 25 2018 GDPR introduction date, so that the DPO is fully effective from the beginning.
Any business that has fewer than 250 staff should consider providing GDPR training classes to at least one member of staff if they need to comply with the GDPR, due to the amount of personal data they store.
Once the DPO is qualified in line with requirements, it is their responsibility to ensure that people within the company are knowledgeable about the requirements of GDPR and how it impacts them.
Everyone who manages personal data needs to know the rules of GDPR, so that they can see to it that the business remains compliant with GDPR at all times. This is very important, as failure to adhere to GDPR can result in a business being penalized or being hit with other sanctions.