What is a 'Data Protection Officer (DPO)'

A data protection officer (DPO) is a position within a corporation that acts as an independent advocate for the proper care and use of customer’s information. The role of a data protection officer was formally laid out by the European Union as part of its General Data Protection Regulation (GDPR). Under the regulation, all businesses that market goods or services to customers within the European Union and collect data as a result must appoint a data protection officer. The data protection officer keeps up on laws and practices around data protection, conducts privacy assessments internally, and ensures that all other matters of compliance pertaining to data are up-to-date. Although the EU legislation is prompting the creation of data protection officer roles, other nations are looking at data privacy issues and may require similar roles through updated regulations.

BREAKING DOWN 'Data Protection Officer (DPO)'

The appointment of a data protection officer (DPO) is one of the key requirements for companies conducting business in the EU, and the GDPR is obviously an important piece of legislation. The DPO is on the hook for making sure a company is in compliance with the aims of the GDPR and other relevant legislation. This includes setting defendable retention periods for personal data, authorizing specific workflows that allow data to be accessed, outlining how retained data is made anonymous and then monitoring all these systems to ensure they work to protect private customer data.

This is a big job, and at larger companies the role of the DPO may require an office full of staff rather than one person. In smaller organizations, the chief information security officer (CISO) may be called upon to wear both hats. The idea of having professional DPOs monitoring several companies for compliance has also cropped up– similar to outsourcing finance reporting to an accounting firm.  

Data Protection Officer Versus Other Data Roles

The chief information officer (CIO), CISO, or chief data officer roles that already exist at many corporations are fundamentally different than what is envisioned in the data protection officer role. These roles generally deal with keeping a company’s data safe and making sure that these troves of data are being exploited to improve business functions across the company. The data protection officer works on behalf of the customer’s privacy. As a result, many of the recommendations of a data protection officer will run contrary to the aims of other data roles.

Instead of holding onto valuable data indefinitely or using insights gathered in one business line to inform another, the data protection officer will be there to ensure only the minimum data needed to complete a transaction is collected and retained. The GDPR creates a strong demand for data protection officers, but it doesn't make their job easy. 

  1. Direct Public Offering - DPO

    A direct public offering (DPO) is an offering where the company ...
  2. Safe Harbor Agreement

    The Safe Harbor Agreement was drafted to protect EU citizen’s ...
  3. Days Payable Outstanding - DPO

    Days payable outstanding measures how long it takes for a company ...
  4. Compliance Cost

    Compliance cost refers to all the expenses a firm incurs in order ...
  5. Enterprise Information Management ...

    Enterprise information management refers to the optimization, ...
  6. Data Warehousing

    Data warehousing is the electronic storage of a large amount ...
Related Articles
  1. Investing

    All You Need to Know About GDPR, the New Data Law

    Here’s a look at the General Data Protection Regulation (GDPR) that will take effect on May 25
  2. Personal Finance

    Financial data analyst: Job description and average salary

    Learn about the average salary for a financial data analyst position and the skills, education, and experience employers require of candidates.
  3. Tech

    Data Analyst: Job Description & Average Salary

    Learn about a data analyst career and how much money you can expect to make. Understand the skills and education needed to become a data analyst.
  4. Investing

    Consumer Reports to Create IoT Devices Standards

    CR will create a rating system to help protect consumers' personal data and security.
  5. Investing

    Data Furor Show's Apple's Competitive Edge: UBS

    Facebook and Google’s controversial handling of user data highlights the strength of Apple’s business model, said one Wall Street analyst.
  6. Tech

    How to Protect Yourself After the Epic Equifax Fail

    It's time to take action and protect your personal finances from identity thieves.
  7. Personal Finance

    Your Boss Can't Do That! Laws That Protect Workers

    By federal law, American employees enjoy many legal protections that– among other things– provide a minimal level of income and make the workplace safer.
  8. Investing

    Microsoft Updates Privacy Policy for Windows 10

    Microsoft is gearing up to share more information about the data it collects from Windows 10 users.
  9. Investing

    The Impact of Brexit on Facebook

    Learn how currency swings, trade agreements, privacy issues and consumer demand stand to impact Facebook following the Brexit vote.
  10. Tech

    How Much Can Facebook Potentially Make from Selling Your Data?

    How much does Facebook stand to make by selling user data? Hard to be sure since they will never tell, but we try to extrapolate based on what we know.
  1. What is the most important type of data used in business analytics?

    Consider what makes data useful in business analytics, and why companies should search for the types of data that provide ... Read Answer >>
  2. When should I use seasonally adjusted data from the consumer price index (CPI)?

    Learn what seasonally adjusted data is, how it is determined, and when it should be used to evaluate the information gathered ... Read Answer >>
Trading Center