As the deadline for the implementation of the EU GDPR nears, many (if not most) companies outside those early starters have not yet filled their DPO role as required under the new regulation. With the limited quantities of qualified and experienced DPOs insufficient to meet the market demand, there will be a hurried rush to reserve any available resources for dedicated use. For everyone else, they will most likely need to outsource their DPO role as allowed by the GDPR using a services contract. The good news, writes Thomas Shaw, CIPP/E, CIPP/US, in this exclusive for The Privacy Advisor, is that there is a veritable army of vendors ready to meet these needs. Shaw offers suggestions on what controllers should know before contracting with a DPO outsourcing firm, as well as some questions to ask a potential DPO before selecting a candidate. Editor's Note: For more on this, David Chen, CIPP/A, CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, wrote on this topic for The Privacy Advisor earlier this year.
If you want to comment on this post, you need to login.