Data protection officer

This subtopic considers the provisions of the UK General Data Protection Regulation (UK GDPR) relating to data protection officers (DPOs).

Under UK GDPR, certain organisations are required to appoint an individual to act as their DPO. Others may choose to appoint a DPO on a voluntary basis. In either case, your firm will need to consider who should be the DPO, what the DPO’s duties will be and what the firm’s obligations are in relation to the DPO.

For information on the circumstances where UK GDPR requires you to appoint a DPO, see Practice Note: Data protection officer—law firms and DPO appointment decision tree.

Voluntary DPOs

You should consider whether to appoint a DPO even where you are not required to. Guidance on DPOs published by the Article 29 Data Protection Working Party and subsequently endorsed by the European Data Protection Board (EDPB) (EDPB guidance) and Information Commissioner’s Office (ICO) guidance encourage voluntary appointment of a DPO, but with an important caveat—it doesn’t matter whether your DPO’s appointment is voluntary or mandatory, if your firm has a DPO, all the requirements of the UK GDPR relating

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Practice Compliance News

Law Society publishes guidance on disability terminology and language

The Law Society of England and Wales has published guidance on disability terminology and language to support employers and employees in the workplace. The guide is aimed at ensuring that the legal profession is using the right words, phrases and acronyms when talking about disability.

SFO launches bribery investigation into defence firm Thales

The Serious Fraud Office (SFO) has initiated an investigation into suspected bribery and corruption involving the multi-national aviation and defence electronics group Thales. This probe is being conducted jointly with the French authority Parquet National Financier (PNF), with each agency operating within its respective jurisdiction. The investigation targets Thales Group, headquartered in Paris, whose UK subsidiary employs over 7,000 staff across 16 sites. SFO director, Nick Ephgrave QPM, highlighted the importance of international collaboration in combating corruption, emphasising the longstanding relationship between the SFO and PNF. The agencies have informed Thales of the investigation and are committed to rigorously pursuing all avenues in their inquiry into these serious allegations.

HM Treasury issues advisory on Oil Price Cap evasion tactics

HM Treasury (HMT)and the Office of Financial Sanctions Implementation (OFSI) have released an advisory concerning the Oil Price Cap (OPC) regime. The guidance specifically addresses evasion strategies involving the manipulation of product origin through the use of fabricated and falsified Certificates of Origin (CO). This advisory aims to alert relevant parties to the risks associated with such practices and to enhance compliance efforts within the oil trade sector.

Practice Compliance weekly highlights—21 November 2024

This week's edition of Practice Compliance weekly highlights includes: the latest financial sanctions updates, three new consultations from the Solicitors Regulation Authority (SRA) on client money management and consumer protection, initiation of a consultation for legal regulators to combat economic crime by the Legal Services Board (LSB), and new guidance from the SRA on internal investigations, together with a suite of guidance for in-house solicitors.

View Practice Compliance by content type :

News