Frequently Asked Questions
A data protection officer (DPO) helps companies to monitor their compliance with data protection regulations. He also informs and advises them on their obligations in that area and is the point of contact for subject rights requests and supervisory authorities.
He can be an existing employee, as long as his duties do not lead to a conflict of interest, or an external professional.
Whether your company needs to appoint a data protection officer or not depends on various factors: Your companies core activities, country or region you are active or have offices in and the type of data you are treating. Also whether you are a public authority or body.
Contact our specialist team to find out if you need to appoint a DPO.
A data protection officer needs to be appointed if your organisations activities obligate you by GDPR to hire a DPO. There are various points to consider: Do you regularly and systematically monitor individuals on a large scale? Do your core activities lead to the regular treatment of defined categories of data? Are you a public authority?
Take our quick test further up the page, to find out if your company is legally required to appoint a data protection officer.
A data protection officer is responsible for educating the company about its regulatory compliance and related tasks. The DPO has to be independent and knowledgable about data protection. Is is possible to either appoint an internal employee as DPO, as long as there is no conflict of interest regarding the DPO duties or an external professional. The externally appointed DPO will need to perform the same tasks and duties, as an internal DPO would. Also consider to allow the DPO to report directly to the highest level of management.
The role of a data protection officer is to ensure that a company complies with data protection regulations, like the GDPR. That means, that the DPO informs everyone in the company who deals with data about their obligations and monitors the privacy compliance of the organisation. A data protection officer is also responsible for Data Impact Assessments (DPIAs) and acts as point of contact for subject rights requests. If the case requires, the DPO cooperates with data protection authorities, like the ICO .