Top Tip 5
Do I need a Data Protection Officer after the May 25th deadline?
Certain organisations will be required to have a DPO to advice on GDPR compliance. This individual cannot be someone who makes decisions about data processing but should have access to the Board. The responsibility remains with the data controller; the organisation in control of the data. If you are a public authority; if your core activity is processing large amounts of sensitive personal data or if you’re core activity involves systematic monitoring, then you must have a DPO.
Top Tip 6
What about the records of children after the May 25th deadline?
If you are processing the data of children you must decide whether you need to have a system in place to confirm their age and to obtain parental /guardian consent if you are offering online services. Information provided to a child should be in an easily understood format. Under the GDPR a child is defined as under 16 however the UK may reduce that age to under 13.