What is a ‘Data Protection Officer’ (DPO) under EU law?
Key points:
EU data protection law imposes a duty on (1) public authorities or bodies, AND (2) organizations that carry out certain types of processing activities to appoint a data protection officer (DPO).
DPO’s assist in monitoring internal compliance, inform and advise on data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIA’s), and act as a contact point for data subjects and Supervising Authorities.
The DPO must be independent, an expert in data protection, adequately resourced, and report directly to the highest level of management..
A DPO can be an existing employee or externally appointed.
In some cases several organizations can appoint a single DPO between them.
DPO’s help demonstrate compliance and are part of the enhanced focus on accountability.
European Data Protection Law requires the appointment of Data Protection Officers (DPOs) in certain cases and assigns to them certain responsibilities and protections .
