External Data Protection Officer (EU GDPR)

Primary Responsibilities

Working closely with data protection authorities as their contact inside the organisation and helping to ensure compliance.

Training staff on proper data handling practices

Maintaining knowledge of changes in law and technology

Building, implementing and managing privacy programs.


Risk and Technology: Experience assessing risk and best practice mitigation

Management System / Framework: Practical experience in designing and building management systems for the full operational life cycle.

Legal expertise and independence: Knowledge of EU legislation plus all relevant jurisdictions (including outsourcing activities / supplier services)

Cultural/Global: Interpersonal skills, flexibility and ability to effectively communicate with relevant business functions (Legal, IT, HR, Marketing etc.)

Leadership: Leadership and program management experience, and to manage own professional development Independent / Board Level: Ability to fulfil the role autonomously

Communication: Ability to speak in a ‘common language’ of the average employee and external data subject, to handle requests and complaints, and to help others assist data subjects.

Conflict management: Provide advice and guidance, avoiding conflict with internal management roles wherever possible

Primary eDPO Functions

Working with regulators: The DPO should be acquainted with relevant regulations (in jurisdictions where the organisation does business) and have a positive working relationship with them.

Accessibility to data subjects: The Article 29 Working Party has stressed the importance of DPO’s being available to answer data subject’s questions.

Assessing privacy risk: It is not the eDPO’s role to carry out privacy impact assessments, however the eDPO must monitor them and provide the controller with advice on them, including when to conduct one, methodology, whether to outsource it, selecting safeguards/controls, and ensuring compliance.

eDPO dismissal and penalties: An eDPO may not be penalised for performing DPO-related duties.

Skills Development

The Acuity Group methodology is based on the principle that the client investment should improve the internal capability of the organisation in terms of knowledge.


Effective communication is the process of changing ideas, data and information into knowledge, and is one of the critical means by which we are able.


In addition to implementing Acuity Group services and products, Acuity consultants can be engaged to consult on a variety of related issues including; support for Integrated Management Systems.

Foresight for responsible management