The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Appropriate reporting

The DPO is independent and unbiased. They must report to the highest management level and staff must be clear about how to contact them.

Ways to meet our expectations:

  • Staff know who the DPO is, what their role is and how to contact them.
  • All data protection issues involve the DPO in a timely manner.
  • Your organisation follows the DPO’s advice and takes account of their knowledge about data protection obligations.
  • The DPO performs their tasks independently, without any conflicts of interest, and does not take any direct operational decisions about the manner and purposes of processing personal data within your organisation.
  • The DPO directly advises senior decision-makers and raises concerns with the highest management level.
  • The DPO provides senior management with regular updates about data protection compliance.

Can you answer yes to the following questions?

  • Could your DPO explain their responsibilities and how they carry them out effectively?
  • Does your DPO feel supported in their role?
  • Is it easy for your DPO to get access to the highest level management?
  • Can your staff explain what the DPO does and how to get in touch with them?