Tell us about your Team 

This section helps to understand the roles of individuals relating to privacy in your business. Don't worry if it's just you, for a lot of business it will be. Whether you’re managing privacy solos on your own or in a team, will adapt to suit you ogransiation. 


Are you required to appoint a data protection officer (DPO)? 

A Data Protection Officer is an individual whose duty is to ensure that an organisation applies the laws protecting individuals' personal data, in an appropriate and independent manner.  

If you are only handling personal data to fulfill basic activities such as delivery of goods, recording transactions, communicating with staff, and the nature of the information you processes is low risk (eg. name, email, phone number) then it is unlikely that you will need to appoint a DPO. 

However if you consider data processing a core part of your business and/or the nature of the data you process could be considered high risk, ( eg. passwords, identification documents, payment details, religious views etc) then it is likely you will need to formally appoint a Data Protection Officer. Screen_Shot_2021-03-02_at_18.34.03.png

Here's what the ICO has to say.: 

“You must appoint a DPO if:

  • your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
  • your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences; or
  • you are a public authority or body (except for courts acting in their judicial capacity)”

Link to ICO advice


You can appoint a DPO if you wish, even if you aren't required to. If you decide to voluntarily appoint a DPO you should be aware that the same requirements of the position and tasks apply had the appointment been mandatory.

Who is your Data Protection Officer?

This is where you can add your data protection officer to the system, if you have one. Assign the relevant member of your team be it yourself or someone else by selecting the name from the drop down list. Screen_Shot_2021-03-01_at_18.37.14.png

If the individual is not yet registered in the system you can add them by selecting the pink and white button ”Add new team member”Screen_Shot_2021-03-01_at_18.37.26.pngScreen_Shot_2021-03-01_at_18.01.19.png

What publicly visible email address can your Data Protection Officer be contacted on?

The regulator requires you to publish the contact details of your DPO and

register the details of your DPO with the ICO.

The email address you provide here will be used to enable individuals, your employees and the ICO to contact your DPO as needed. You aren’t required to include the name of your DPO. The information you enter here will be used in your privacy policies and records of processing.


Set up a dedicated email for this that is checked regularly to make sure you don't miss any important communications. Some messages such as subject access requests or data breach alerts are time critical. Not responding to these promptly could leave you exposed to the risk of fines. Staying on top of these communications is of paramount importance.  Screen_Shot_2021-03-01_at_18.39.38.png

Have you registered your Data Protection Officer with the ICO?

If you have appointed a DPO you must register them with the regulator. It only takes a minute to do on the ICO website. Register your Data Protection Officer with the ICO.