Do I really need a Data Protection Officer?

Organisations need a Data Protection Officer (DPO) and his assignment is mandatory in certain specific cases:

  • when the processing is carried out by a public authority or body;
  • where the core activities of the controller or the processor consist of processing operations which require regular monitoring of data subjects;
  • where the core activities consist of processing special categories of data on a large scale or personal data relating to criminal convictions.

Article 37(4) states that Union or Member State law may require the designation of a DPO in other situations as well. The conclusion is, in order to be on the safe side and make sure you are 100% compliant to the GDPR, you should appoint a DPO.

Was this article helpful?

No 3