The GDPR created a new position: the Data Protection Officer. Whilst the vast majority of email marketing companies are not required to have one (it is a requirement for local authorities and those processing specified types of data, see here), you might think that the position would be useful, especially during the transition period.
The duties and responsibilities of the DPO are prescribed in Article 39 of the GDPR. Of particular note is the one which stipulates that they should report to board level without intermediate stages. It is unusual for such a specific organisational requirement to be imposed, but there are good reasons.
For those organisations which install them, DPOs will highlight problems within the organisation with regard to data protection, and having such matters brought to the attention of top management is seen by the GDPR as vital.
A second point is that if the advice of the DPO is rejected, presumably in whole or in part, then the reasons for doing so must be recorded. This will, it is hoped, concentrate the minds of those who make such a decision.
With reputations to protect as well as email marketing lists, many might feel that the functions of a DPO should be covered. You could go all out and have a DPO but that would mean having to conform to all the requirements of Article 39. For some, especially medium to large sized companies, this might be worthwhile. Those running smaller companies might feel that the full-fat one is not required.
You could have someone to ensure compliance with the GDPR as well as other data protection laws. This could be a member of staff or a regular check by an outside agency.
Your data protection policies should be monitored by a suitably qualified person, and so should your training policies, including ensuring awareness amongst your staff. You should already be running audits.
Check through Article 39 and ensure that those requirements that apply to your company are covered. If most do, then a DPO might be the better option, if only for a few months.
However you choose to ensure you comply, if you ignore advice, record why.
For further details on the DPO, please click here.