While the title of data protection officer has long been in use, particularly in Germany and France, the General Data Protection Regulation introduced a new legal defintion of a DPO with specific tasks. Certain organizations, particularly those that process personal data as part of their business model or those who process special categories of data as outlined in Article 9, are obligated to designate a DPO on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices. The DPO has a variety of mandated tasks, including communication with the supervisory authority, conducting DPIAs, and advising the organization on the mandates of the GDPR and how to comply with it.
Data Protection Officer
Tags:
Related Stories
Study: An estimated 500K organizations have registered DPOs across Europe
As the EU General Data Protection Regulation approaches its first birthday, hundreds of thousands of privacy professionals have jobs tied to the milestone. New IAPP research indicates that an estimated 500,000 organizations have registered data protection officers across Europe under the GDPR.
The ...
DPO Toolkit
Here, you can find the IAPP’s collection of coverage, analysis and resources related to data protection officers....
DPO Handbook: Data Protection Officers Under the GDPR, 2nd Edition
This textbook provides a comprehensive view of all aspects of the role of Data Protection Officers (DPOs) under the EU’s General Data Protection Regulation....
Outsourcing your DPO – Article Series
Last Updated: November 2017
In this series, Thomas Shaw offers insight on the process of hiring and contracting an outsourced DPO and what the job entails.
Questions to ask
How to contract with your outsourced DPO
Real-life scenarios
...