Re: ITs job but not IT's problem
It was a joy for me to attend a presentation on GDPR by someone at Irwin Mitchell and hear that the IT Manager (me) can't be in overall charge of GDPR :D
That's a typical example of the level of stupid and incompetence that is flying around in the data protection space.
The real situation is that the role of DPO should not be given automatically to the IT Manager - it typically was in the old DPA scheme. The role of the DPO should be given to an individual who has a thorough understanding of how the organisation works and (and this is really important) has a thorough understanding of data protection. If this happens to be the IT Manager, then this is fine. If another individual is more suited then this is fine as well. One very important point is that the DPO must not be involved in the day-to-day processing of the dataset. Unfortunately this is where terminology stupidity comes in, because technically just storing the data, or facililating the storage of the data, means that an IT Manager is often seen as a processor of the data.