Chapter 8: Role of the data protection officer

The GDPR takes a role that already exists in some organisations, that of the DPO, and gives it statutory importance.

Articles 37–39 of the GDPR lay out the requirements for appointing a DPO, as well as their specification, role, duties and relationships with other entities (such as data subjects, controllers and processors, etc.).

Whether or not your organisation needs to appoint a DPO comes down to three basic conditions, according to the Regulation:

The controller and the processor shall designate a data protection officer in any case where:

(a)the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;

(b)the core activities of the controller ...

Get EU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

EU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition by IT Governance Privacy Team

CHAPTER 8: ROLE OF THE DATA PROTECTION OFFICER

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly