V&A museum mulls outsourced data-protection officer model ahead of GDPR
Art-and-design museum claims GDPR audit is well underway as it seeks market input on possible DPO-as-a-service implementation
Pictured here is V&A director Tristram Hunt in one of the museum's exhibition rooms Credit: Yui Mok/PA Archive/PA Images
London’s Victoria and Albert Museum (V&A) is considering the possibility of using an outsourced data-protection officer service to fulfil its obligations under the EU General Data Protection Regulation.
To comply with GDPR, which comes into effect in the UK on 25 May, all public bodies must nominate a named data-protection officer (DPO). In recent months, some public-sector organisations have looked to recruit such an individual to fill a newly created and dedicated role, while others have reassigned or given additional duties to incumbent staff.
Another option available to public bodies is to outsource such a post to a DPO-as-a-service-style provider. While it is yet to definitively decide on which model it wishes to pursue, the V&A is mulling the use of an outsourced DPO to meet its GDPR obligations.
The museum has issued a competitive contract notice looking for potential suppliers who provide such an offering to get in touch and supply details of the kind of service they could deliver, and at what cost.
- Home Office creates £85k role for new data-protection leader
- The ten key questions – and nine answers – facing the public sector on GDPR
- Public sector bodies must appoint data-protection officer or risk huge fines
The V&A said that it is “currently in the midst of a detailed data protection audit and GDPR implementation process [and does] not need advice or support on GDPR compliance” more widely.
“The V&A is quite far along in its analysis of the consequences of the GDPR,” the museum added. “An audit is underway and appropriate structures, policies, and procedures will be in place by the May 2018 deadline.”
Located in the London district of South Kensington, the V&A owns a permanent collection of about 2.3 million objects, attracting 3.4 million visitors in the 2016/17 year. It characterises itself as “the world’s leading museum of art and design”.
In addition to its flagship site, it also runs two other London locations – the Museum of Childhood in Bethnal Green, and an archive and study collection at Blythe House in West Kensington – as well as a storage facility in Salisbury.
While GDPR is right to provide individuals with greater control over how their information is used, the benefits of sharing data should not be overlooked, believes Rose Lasko-Skinner of Reform
HMRC seeks to appoint ‘ID issuer’ to comply with EU legislation and tackle £2bn annual tax gap caused by illicit tobacco trade
Failure of project to improve safeguarding checks also casts doubt on department’s capacity to successfully deliver the Emergency Services Network, report finds
Last year thousands of IT deals were awarded to small local players, newly published figures indicate
The cautionary tale of the Leicestershire teenager who hacked high-ranking US officials shows the need for improved password security
Calm has turned a section of the 57,509-word EU document into a sleep-inducing audio book