The EU's General Data Protection Regulation (GDPR), which is set to come into force in the UK in May 2018, requires many organisations to appoint a DPO.
"The DPO also being the in-house lawyer doesn't work," said Bond, speaking at a recent IT Leaders Forum event from V3's sister title Computing 'Getting ready for the GDPR'. "It can be someone with legal understanding, but they also need all the other requirements to cover information security, communication, and to understand the marketing and advertising side. It's an extraordinary job to take on as DPO."
Bond gave an example of a conversation with a colleague who was considering becoming the DPO for a Malaysian organisation, until Bond advised him that under certain situations he could end up with a three-year prison term. His colleague decided to appoint someone else, but his point was made, that the DPO role requires a broad range of expertise, and comes with genuine responsibility.
Bond also described the recent Panama Papers incident as a "wake up call", discussing the mountain of sensitive information held by his firm.
"The Panama Papers was a wake up call to us. We're in the cross hairs of anyone who wants to get hold of sensitive information, we're sitting on volumes of clients' personal data. My biggest worry about GDPR is trying to get lawyers to actually comply with the law, as we're awfully good at trying to get round things like being told we can't use that free service to upload data.
"I'm worried that we just need one Panama Papers ourselves and forget the fine, it's the reputational damage that will kill us," said Bond.
Mark Vartanyan was working for Norwegian e-healthcare firm Dignio when he was arrested
Samsung can't see a way to profitably compete against Amazon and Google
Fix being rushed out - but not quite as quickly as an ambulance to an emergency
Massive miner Rio Tinto claims 20 per cent of pit-to-port train kilometres in Australia are now driverless
Rio Tinto today, TfL tomorrow?