HMRC has recruited a new Data Protection Officer (DPO) who will be responsible for leading the organisation through its General Data Protection Regulation (GDPR) duties, according to reports.
The appointment follows HMRC’s announcement late last year that it was sourcing an individual for the newly created role of DPO to be responsible for information governance in HMRC.
In the candidate pack, HMRC’s Jon Ashton, director of cyber security & information risks at the department, said: ‘This is a demanding role with significant leadership and assurance responsibilities across the whole span of data protection and data privacy issues.
‘This exciting high profile role is an opportunity to lead HMRC on its journey towards compliance with GDPR, working across HMRC and with the Information Commissioner’s Office, the UK’s regulatory authority for data protection. This role will also be responsible for Information Governance in HMRC, an organisation with one of the largest and most complex technology estates in the UK.’
GDPR measures come into force from 25 May this year and require all organisations that hold personal information to comply. HMRC currently has more than 2.5 billion pieces of data on individuals and businesses, highlighting the scale of the challenge for HMRC’s new DPO.
Other businesses are also being urged to make sure they are fully prepared for their new duties. Under GDPR, data breaches can attract heavy fines of up to €20 million or four per cent of global annual turnover. The Learn Centre is running a half day course on the new GDPR duties to ensure that payroll departments are prepared.
