Whether you’ve already got a DPO in place, or are still trying to find a candidate with suitable experience, an outsourced DPO-as-a-service is something many SMEs are turning to fill gaps with parental leave or holiday cover, or in cases where organisations don’t require the services of a full-time professional. Let’s examine a couple of the key reasons people look at this option.
It seems to happen almost weekly nowadays: another massive brand hit by a data breach, with no real understanding of how or when it happened, or how many people are affected. The media - and the information management community - have been waiting for a GDPR test case since the legislation was first dreamt up. We sat down with Simon Parkinson, COO at Dot Group, to talk about what goes into a data audit. We talked data maps, asset registers, subject access requests and other tricks that ought to go some way towards keeping you and your organisation out of the headlines!
Subject Access Requests, or SARs, may not be new - they came in under the Data Protection Act in 1998 - but the recently enforced GDPR goes some distance further, cutting the time given to respond to requests, doing away with application fees and famously, hiking fines up to 4% of turnover or €20 million, whichever is higher.