The Everyday Legal Blog

"Our legal expertise, your peace of mind"

What is a Data Protection Officer and does my business need one?

“What is a DPO? The Data Protection Officer is an individual who ensures that the business complies with UK GDPR law.”

John Davies
Everyday Legal, Co-founder and Legal Expert

What is a Data Protection Officer?

The Data Protection Officer (DPO) is an individual who ensures that the business (as data controller or processor) complies with the UK GDPR (United Kingdom General Data Protection Regulations). He or she will not become personally liable for breaches and does not need any special qualifications, but should have good experience, knowledge and understanding of data protection requirements so that the business can fulfil its obligations.

The larger the organisation and the more data controlled and processed, the more experienced and knowledgeable the DPO should be. The DPO should also really understand the nature of the business so that customer journeys and risks can be better understood.

A DPO need not be full time, but it makes sense for the person discharging that duty not to be conflicted in any way e.g. being in charge of risky marketing.

What does a Data Protection Officer do?

The DPO’s tasks are defined in the regulations as:

  • to inform and advise the business and its employees about their obligations to comply with the UK GDPR and other data protection laws;
  • to monitor compliance with the UK GDPR and other data protection laws, and with the data protection policies of the business, including managing internal data protection activities; raising awareness of data protection issues, training staff, and conducting internal audits;
  • to advise on, and to monitor, data protection impact assessments;
  • to cooperate with the ICO; and
  • to be the first point of contact for the ICO and for individuals whose data is processed (employees, customers etc).

The DPO should also know that this role includes covering all personal data processing activities.

  • The DPO must consider the risk carried by the processing undertaken by the business having regard to “the nature, scope, context and purposes of the processing”.
  • More risky activities should be given priority e.g. processing special category data. It follows then that advice should be risk-based.
  • If a business decides against following a DPO’s advice, this should be recorded in writing for reference, along with the reason why.

Does my business need a Data Protection Officer?

For small businesses, it is less likely that you will need a DPO, but you can appoint someone to the position on a voluntary basis, and it really is good practice. However, the above duties apply equally where a business appoints a DPO voluntarily, so think carefully about the benefits versus the additional burden that comes with the role.

Please note that whether or not a business is required to appoint a DPO, it must have sufficient staff and resources to carry out its obligations under the UK GDPR. However, a DPO should be able to facilitate this and to assist with compliance. It certainly would be good for governance and accountability.

For guidance on whether or not your business requires a DPO, the ICO has created a helpful online tool: https://ico.org.uk/for-organisations/does-my-organisation-need-a-data-protection-officer-dpo

If your business is borderline as to whether or not a DPO should be appointed and you decide not to appoint, it is a good idea to record this in writing.

Is a Data Protection Officer mandatory?

It is compulsory to appoint a DPO under the UK GDPR where the business is:

  • A Public Authority (other than Courts); or
  • Performing large scale, regular and systematic processing or controlling of individuals’ data, such as online behaviour tracking; or
  • Performing large scale, regular and systematic processing or controlling of individuals’ special category data, such as medical data or data relating to criminal convictions and offences.

What are the legal responsibilities of a data protection officer?

  • As explained above, a DPO needs to inform and advise the business and its staff on all aspects of data protection;
  • The DPO needs to check compliance of the activities of the business, e.g. review its website, policies, and marketing activities;
  • The DPO should look at what might happen if there were a breach, gauge the consequences, and check with IT that the database is safe and secure;
  • The DPO needs to comply with subject access requests, enquiries, complaints, registrations and notifications, and of course communicate with the Information Commissioner if required to do so.

John Davies
15th July 2021
