Going back to basics for the EDPB’s year of the DPO
This article examines the legal requirements for DPOs and breaks down the role’s designation, position and tasks as set out in the GDPR.
Contributors:
Amy Olivero
Associate in Cybersecurity and Privacy Practice
WilmerHale
Additional Insights
- Requirements of the GDPR-mandated DPO (Infographic)
- Building a Data Protection Officer (Article)
The European Data Protection Board officially kicked off its second annual coordinated action earlier this month, setting its focus on the “designation and position of data protection officers.” The EDPB’s current prioritization of the DPO reflects a few important points. The first is the unique, essential and increasingly important role DPOs are envisaged to play when it comes to contributing to and promoting data protection compliance. The second is, even after nearly five years of the EU General Data Protection Regulation, compliant and effective implementation of requirements related to the designation, structure and tasks of the DPO can be a challenging exercise for organizations and DPOs alike. The third — which remains to be seen via the EDPB’s coordinated enforcement — is the likely lack of an archetypal DPO given the diversity of sectors, organization sizes and domestic contexts across the EU.
Contributors:
Amy Olivero
Associate in Cybersecurity and Privacy Practice
WilmerHale