Here’s a snippet:
If you have day-to-day responsibility for data protection it is important that you comply with the requirements of the GDPR (General Data Protection Regulation).
This is a Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) made by European Parliament and Council.
Under the GDPR, you must appoint a DPO (Data Protection Officer) if:
- you are a public authority (except for courts acting in their judicial capacity);
- your core activities require large scale, regular and systematic monitoring of individuals (e.g. behaviour tracking); or
- your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.
The GDPR comes into force from 25 May 2018.