Published: July 2018Click To View (PDF) Now that the GDPR is in effect, many organizations need data protection officers. However, not all organizations can or need to staff the DPO role in-house — and the regulation does not require organizations to do so; Article 37(6) allows for the data prote...

Last Updated: April 2021 Article 37(7) of the EU General Data Protection Regulation requires that “the controller or the processor shall publish the contact details of the data protection officer and communicate them to the supervisory authority.” But how does one go about communicating this info...

Published: April 2018 The following are a minimum set of provisions an outsourced DPO contract should have. It must be emphasized that no contract should be drafted without undergoing legal review, especially as it relates to provisions impacted by local laws. There will also be a set of legal pr...

(September 2017) – In this white paper overview, IAPP Legal Extern Carissa Hanratty, CIPP/US, explores some of the jurisdictions in which personal liability exists, with an appendix linking to the various legal texts....

Cobbling together information from the GDPR and Article 29 Working Party guidance, the IAPP has developed this sample DPO job description. This description is intended to be a jumping off point for you to create one that fits the needs of your organization....