This post is from Tim Lennard FCA. Tim qualified with PwC London. He now consults to organisations seeking to manage data privacy compliance.
Seeing the recent GDPR blog post from Richard Anning reminded me of concerns I have heard from Finance professionals whose responsibility has been extended to include data privacy.
Organisations that process personal data may not be legally required to appoint a Data Protection Officer (DPO) but are not free from the requirement to comply with the legislation. Even those that are suppliers to a data controller and process data under their instruction are required by GDPR to sign a processor contract that exposes them to redress. Recognising this exposure, organisations have put someone ‘on point’ to own data privacy, and where there is no internal legal team the Finance Director/Controller who manages other aspects of compliance is a good candidate. You may have been ‘volunteered’ into the role of ‘DPO in all but name’ and if so;
If you are a ‘DPO in all but name’, but your answer is ‘no’ to any one of the above you would be forgiven for wondering whether compliance risk is effectively managed. A retained service from an objective privacy professional can support you in your extended role and is also evidence, should you ever need it, of your company acting in good faith to ensure compliance.
I’ll declare my interest: I am an FCA, but my focus for some time has been providing support to organisations that have such a need and want to effectively manage data privacy risks.
How has your organisation adapted to the demands of GDPR?