Data Protection Officer Requirements by Country
This chart catalogues global DPO requirements and provides links to the relevant laws, along with an overview of the covered entities under each law.
Published: 23 March 2021
Last updated: 20 Jan. 2026
Many privacy and data protection laws around the world require organizations to designate a data protection officer or similar role, such as privacy officer, to translate legal obligations into reality and to be accountable for compliance.
This chart catalogues global requirements and provides links to the relevant laws, along with an overview of the covered entities under each law. It details how the DPO position should be structured and positioned within the organization, the DPO’s responsibilities and necessary qualifications, and whether organizations are required to notify the country’s data protection authority of the DPO’s appointment and/or publish the DPO’s contact information.
If you are aware of additional information that should be included here, please email the IAPP’s Research Center at research@iapp.org.
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Data Protection Officer Requirements by Country
This chart catalogues global DPO requirements and provides links to the relevant laws, along with an overview of the covered entities under each law.
Published: 23 March 2021
Last updated: 20 Jan. 2026
Contributors:
Müge Fazlioglu
Principal Researcher, Privacy Law and Policy, IAPP
CIPP/E, CIPP/US
Patrick Miskovsky
Maine Law School
Many privacy and data protection laws around the world require organizations to designate a data protection officer or similar role, such as privacy officer, to translate legal obligations into reality and to be accountable for compliance.
This chart catalogues global requirements and provides links to the relevant laws, along with an overview of the covered entities under each law. It details how the DPO position should be structured and positioned within the organization, the DPO’s responsibilities and necessary qualifications, and whether organizations are required to notify the country’s data protection authority of the DPO’s appointment and/or publish the DPO’s contact information.
If you are aware of additional information that should be included here, please email the IAPP’s Research Center at research@iapp.org.
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Tags:
