Finally I have managed to get a blog sorted to document the research I am doing for a PhD looking at various aspects of the role of the DPO. I have yet to finalise the research questions although intend to cover a number of different areas including:

  • Interpretation of the requirements of the GDPR and domestic legislation relating to the role of DPO
  • Skills and competencies required by someone in the role of DPO considering:
    • which of those are required to demonstrate professional qualities and expert knowledge, and how these can be developed
    • whether there is a common or core skill set required by anyone in the role
    • the value of qualifications and accreditation schemes such as the scheme developed by the AEPD
    • what continuous development could or should look like
  • Best practice for a DPO to demonstrate how they have taken into account risk associated with processing operations
  • Linked to interpretation, there will also be some discussion around conflict of interest

There are categories for each of the topics listed above and I am sure more will be added as time goes on.

The research will also look at whether there is any evidence that introducing the role of DPO has improved levels of compliance, and what benefits have been realised by organisations, data subjects or supervisory authorities.

Earlier this year in May 2019 I gave a presentation on some of the topics listed above with some initial thinking around developing knowledge and the presentation is available to download below.

If you would like to participate in the research, there are more details available here.