CHAPTER 8: ROLE OF THE DATA PROTECTION OFFICER

The GDPR takes a role that already exists in some organisations, that of the DPO, and gives it statutory importance.

Articles 37–39 of the GDPR lay out the requirements for appointing a DPO, as well as their specification, role, duties and relationships with other entities (such as data subjects, controllers and processors, etc.).

Whether or not your organisation needs to appoint a DPO comes down to three basic conditions, according to the Regulation:

The controller and the processor shall designate a data protection officer in any case where:

(a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;

(b) the core activities of the controller ...

Get EU General Data Protection Regulation (GDPR), third edition - An Implementation and Compliance Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.