GDPR in focus: What will the role of a Data Protection Officer entail?

Managing Director

Fav thing about the office

Good banter

As a child I wanted to be a ... when I grew up


Guilty Pleasure(s)

Strictly come dancing

Favourite Holiday


If I had a superpower it would be...

Mind Reading

Describe yourself in three words or less

Methodical, Energetic, Reliable

An interesting fact about me

Started “Work” life as an opera singer


Horse riding, fillet steak and a good curry

Favourite Band

…into Classical Music

Karaoke Jam

Desperado- The Eagles

What I do at Q2Q:

My role is to provide the overall direction and “eye on the compass” as to where we, as a team, are heading.

I’m still very much focused on the customer and will often get involved in customer solution discussions. As a techie at heart, I’m regularly seeking to understand industry developments and directional changes that may affect our customers, so we and our customers can remain on the front foot.

Background and Achievements

I started out in an I.T technical department of what was then British Rail, following which I joined a large construction company to re-organise their I.T infrastructure.

I then spent a couple of years as a business systems analyst at P&O Nedlloyd designing, developing and implementing systems within their Bulk and Tank Carrier companies.

In 1999 I was appointed as I.T Manager of SockShop and subsequently as of Head of I.T. at the Tulchan Group, comprising then of 300 stores. Due to a Year 2000 compliance issue, we were required to seek an alternative system, which we were able to more cost effectively write ourselves. This product subsequently became known as RAWHIDE and we later sold this product into a number of other businesses. At the time it was quite cutting edge as all the warehouse function was undertaken using handheld, wireless scanners, rather than the batch scanners that were dominant at the time.

In 2003 The Tulchan Group was acquired by Harris Watson. We were then asked to take responsibility for the I.T. of Viyella Ladies wear and in 2004 the demands of two MD’s and two FD’s (Tulchan Group + Viyella), resulted in the sensible decision to break out of the group and Q2Q was born. This then enabled us to also get involved with a number of other group companies (Harris Watson owned companies) as well as other non-group parties.  At one stage we were managing the I.T for almost 500 stores across a number of businesses.

Today Q2Q retains some of the group customers that we acquired along the way, as well as a substantial number of new and diverse customers in almost all industries including accounting, business development organisations, legal marketing, medical, retail and wholesale.

Hobbies and Interests

Horse riding, running (Jogging), motorbikes, reading any of the Detective Rebus stories.

The main responsibilities of the Data Protection Officer are to:

·         Inform and advise on GDPR matters relating to the organisation’s activities

·         Monitor compliance with the GDPR

·         Consider and implement Data Privacy Impact Assessments (DPIA)

·         Liaise with the Supervisory Authority

Ultimately, the DPO needs to understand the GDPR requirements, act as a knowledge source for the rest of the organisation, and be mindful of the risks surrounding ‘personal data’ processing.


Ensuring compliance, as well as providing the organisation with well-informed advice surrounding data privacy and the GDPR, are key to the role of the DPO. For this reason, the position cannot be undertaken by anyone who has direct control or influence over delivery, or is placed within a functional department.

Requirements of the role

The DPO must:

·         Have clear and direct access to the most senior management within the organisation

·         Be accessible by ‘data subjects’ if there is a complaint or Data Subject Access Request (DSAR)

·         Be bound by confidentiality

·         Have no conflict of interest arising from other duties

·         Have a clear understanding of the GDPR

·         Be able to articulate ‘Privacy by Design and by Default’ practices to all departments

·         Possess risk assessment and risk management skills

·         Ensure all necessary ‘data subject’ documentation and processes are in place.


If the responsibilities of the DPO are carried out properly within a business, then achieving and maintaining compliance with the GDPR will be reasonably straightforward. Fundamentally, the role works in the interests of the organisation, by reducing the chances of any substantial financial penalties from the Information Commissioners Office (ICO).

It’s important to note that the DPO role does not need to be assigned to a full-time employee of the organisation, but they must be independent of any of the processing/controlling activities. If you need help with this, contact us to find out about the Virtual DPO service we offer.