Skip to content

What Is a Data Privacy Manager?

Table of Contents

Where a person or organisation in the United Kingdom processes personal data about individuals, they must comply with the rules under the UK General Data Protection Regulation (UK GDPR). The UK GDPR prescribes stringent rules for organisations. For instance, rules include implementing various policies, procedures, and contracts to safeguard data privacy rights. Appointing a dedicated Data Privacy Manager can help organisations achieve compliance with the UK GDPR’s high standards. This article will explore the role of a Data Privacy Manager and their fundamental obligations. 

Do I Need to Appoint a Data Protection Officer?

Before considering a Data Privacy Manager, you should check whether you need to appoint a Data Protection Officer or ‘DPO’. 

As a business processing personal data, you must consider the rules on appointing a Data DPO under the UK GDPR and document your decision. 

A DPO is an individual nominated to be responsible for data protection matters. They have several key responsibilities to help ensure UK GDPR compliance. 

Under the UK GDPR, you must appoint a DPO if:

  • you are a public authority; 
  • your core activities require large-scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
  • your core activities consist of large-scale processing of special categories of data or data relating to criminal convictions and offences.

Your organisation may choose to appoint a DPO voluntarily, even if you are not required to do so by law. Where a DPO is appointed, they must be independent and skilled in data protection law. They have a range of strict obligations when appointed, including not penalising them for performing their duties. The UK GDPR prescribes stringent rules for protecting DPOs. 

You should note that the DPO position requirements (along with any mandatory tasks) will apply to a voluntary DPO appointment as if the DPO appointment were compulsory.

If your organisation decides not to appoint a DPO, you should keep a written record of the decision made.  If your data processing changes over time, it is essential to keep the decision to appoint a DPO under review. 

Do I Need to Appoint a Data Privacy Manager?

Even if a DPO is not appointed, your organisation should appoint an individual responsible for data protection. Companies commonly achieve this by appointing a data privacy manager or data protection manager. 

A Data Privacy Manager is an individual who is responsible for overseeing an organisation’s data protection compliance measures. This differs from a Data Protection Officer, which is a formal role specified under the UK GDPR rules.

It is highly advisable to appoint an individual to this role. A Data Privacy Manager can work with business managers and directors to implement a coordinated approach to compliance with the UK GDPR rules. They can also help address compliance challenges and problem issues, such as dealing with subject access requests and responding to data breaches. 

Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

What Should a Data Privacy Manager Do?

A Data Privacy Manager’s role will be similar to a DPO’s, although the two roles are separate. 

A Data Privacy Manager’s role will depend on the particular organisation and its processing activities, such as the types of personal data the organisation collects, the amount of personal data it processes, and the sensitivity of that data. 

Generally, some of the critical obligations of a Data Privacy Manager could include:

  • running UK GDPR compliance audits to monitor compliance;
  • delivering staff training on the UK GDPR
  • managing and updating internal UK GDPR policies and procedures; 
  • maintaining internal records, such as a Record Of Processing Activities; 
  • carrying out data protection impact assessments; 
  • advising the organisation on data protection questions and issues; 
  • responding to data breaches or cyber security incidents; 
  • carrying out spot checks in an organisation to check compliance standards; 
  • instructing legal teams to prepare contracts such as data processing and data sharing agreements; and
  • keeping up to date with data protection law rules and trends and keeping the company informed. 

A Data Privacy Manager can help improve compliance by demonstrating a daily commitment to fostering a culture of compliance in organisations. They can also offer staff a clear point of contact and an open door to raise questions and concerns about important privacy issues.

You should understand whether your organisation is obligated to appoint a formal DPO. If not, you should strongly consider appointing a Data Privacy Manager to help manage compliance. 

Front page of publication
GDPR Essentials Factsheet

This factsheet sets out how your business can become GDPR compliant.

Download Now

You should seek legal advice if you are still deciding which particular role to appoint in your organisation. 

Key Takeaways

Whilst a DPO is a formal role mandated by the UK GDPR for specific organisations, a Data Privacy Manager role is generally less formal. 

A Data Privacy Manager is a more generic term for an individual responsible for data protection compliance in an organisation. However, there is often overlap between the roles of a Data Privacy Manager who oversees UK GDPR compliance. 

If your organisation does not legally require a DPO, consider appointing a Data Privacy Manager. A Data Privacy Manager can help ensure good data governance and demonstrate an organisation’s accountability with the UK GDPR rules. 

If you need advice on data protection law compliance, contact LegalVision’s experienced IT lawyers as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.

Register for our free webinars

Preparing Your Business For Success in 2025

Online
Ensure your business gets off to a successful start in 2025. Register for our free webinar.
Register Now

2025 Employment Law Changes: What Businesses Should Know

Online
Ensure your business stays ahead of 2025 employment law changes. Register for our free webinar today.
Register Now

Buying a Tech or Online Business: What You Should Know

Online
Learn how to get the best deal when buying a tech or online business. Register for our free webinar.
Register Now

How the New Digital and Consumer Laws Impact Your Business

Online
Understand how the new digital and consumer laws affect your business. Register for our free webinar.
Register Now
See more webinars >
Sej Lamba

Sej Lamba

Sej is an Expert Legal Contributor at LegalVision. She is an experienced legal content writer who enjoys writing legal guides, blogs, and know-how tools for businesses. She studied History at University College London and then developed a passion for law, which inspired her to become a qualified lawyer.

Qualifications: Legal Practice Course, Kaplan Law School; Graduate Diploma in Law, Kaplan Law School; BA, History, University College.

Read all articles by Sej

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards