Accountability webinar questions answered

A recording of the webinar is available here.

Questions 1) Accountability needs to go across the company and not just marketing. I would argue that marketing are actually more accountable than say sales. HR teams will also need to understand the implications of GDPR too.

Accountability rests with the entire organisation and not just a specific department. However, it will be incumbent on certain departments to have a greater level of knowledge such as those involved in the processing of individuals personal data, which would include human resources.

Question 2) Would it be possible to say something on the criteria regarding if a DPO is or isn’t required? It seems to be based on organisational size and whether the data processing is their core business and if sensitive data is being processed.

The size of an organisation is not taken into account. An organisation must hire a data protection officer if; they are a public authority, their core activities 'require regular and systematic monitoring of data subjects on a large scale' and if they process sensitive personal data (for example, data relating to a criminal conviction).

Most one-to-one marketing involves data processing on a regular basis so it would seem most one-to-one marketing businesses will need to hire a data protection officer. However, the ICO will address this point in future guidance and inform the industry exactly who needs to hire a data protection officer.

Learn more about the GDPR with our GDPR Quick Reference Guide.