Frequently Asked Questions
A data protection officer (DPO) helps companies to monitor their compliance with data protection regulations. He also informs and advises them on their obligations in that area and is the point of contact for subject rights requests and supervisory authorities.
He can be an existing employee, as long as his duties do not lead to a conflict of interest, or an external professional.
Whether your company needs to appoint a data protection officer or not depends on various factors: Your companies core activities and which type of data you are therefore treating. Also whether you are public authority or body.
You can find a simple test further up this page, that helps you to find out if your company needs a DPO. Or simply contact our specialist team for a free consultation.
A data protection officer needs to be appointed if your organisations activities obligate you by GDPR to hire a DPO. There are various points to consider: Do you regularly and systematically monitor individuals on a large scale? Do your core activities lead to the regular treatment of defined categories of data? Are you a public authority?
Take our quick test further up the page, to find out if your company is legally required to appoint a data protection officer.
A data protection officer is responsible for educating the company about its regulatory compliance and related tasks. The DPO has to be independent and knowledgable about data protection. Is is possible to either appoint an internal employee as DPO, as long as there is no conflict of interest regarding the DPO duties or an external professional. The externally appointed DPO will need to perform the same tasks and duties, as an internal DPO would. Also consider to allow the DPO to report directly to the highest level of management.
The role of a data protection officer is to ensure that a company complies with data protection regulations, like the GDPR. That means, that the DPO informs everyone in the company who deals with data about their obligations and monitors the privacy compliance of the organisation. A data protection officer is also responsible for Data Impact Assessments (DPIAs) and acts as point of contact for subject rights requests. If the case requires, the DPO cooperates with data protection authorities, like the ICO .