A DPO’s role consists in supporting compliance leaders, coordinating data protection efforts and providing organizational training to ensure their effectiveness. It will also include many other responsibilities that may or may not require a dedicated resource.
To facilitate your compliance with the GDPR, a DPO is mandatory in the following three specific cases:
- You are a Public Authority or Body, or acting as one
- Your core activity consists of processing personal data on a large scale, which requires regular and systematic monitoring
- Your core activity consists of processing on a large scale special categories of data (i.e. highly sensitive, such as political affiliation or sexual preference) or personal data relating to criminal convictions and offences
Non-compliance by your organization with the DPO provisions may be sanctioned by the imposition of administrative fines. Potentially affected companies should thus plan well ahead and have the required meetings with their respective Data Protection Authority.
If you are still in the dark on the purpose and place of a DPO within your organization, we can help you get a better picture.
Check out the infographic below for more in-depth responses:
Do you really need a DPO?