29.63%In house DPO with segregated responsibility ( 8 voters )25.93%In house DPO as part of another role responsibility ( 7 voters )29.63%Outsourced External DPO ( 8 voters )14.81%Don't have / need one ( 4 voters )
Based On 27 Votes
One of the key benefits of an outsourced DPO is that they can be completely unbiased. My experience is that there is something very beneficial in having someone who has no motivation to get involved in internal politics which means there is a real possibility of ensuring that data protection is a positive sum exercise.
I think this is up to the specific organisation. For companies that have the legal requirement to appoint a DPO but don’t have the budget to hire a person full-time (or don’t need full-time), I would recommend outsourcing. Many organisations appoint a person as a DPO internally that has originally another role and zero or very basic knowledge of data protection legislation. Having in mind that the GDPR requires that the DPO must have a proven experience within data protection, this is not adequate. However, a very experience pro, wouldn’t accept the low salary that could be offered by organisations with low budget.. I am not against appointing someone internally, as long as the person has rigid knowledge on the topic and the support of the organisation and there is no conflict.
Many SME’s (smaller end of the market) will not have the resources to take in house and are or will have to outsource. As Hellen says, an outsider brings an unbiased view but I also feel they bring vast experience as they will have worked for other organisations too so they can both help bring best practice and help drive out poor practice.