Which organizations require a DPO?

Under the GDPR, certain organizations are required to appoint a designated Data Protection Officer (DPO). Organizations are also required to publish the details of their DPO and provide these details to their national supervisory authority.

An organization is required to appoint a designated data protection officer where:

  • the processing is carried out by a public authority or body;
  • the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale; or
  • the core activities of the controller or the processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offenses.

Need Help with GDPR?

Get in touch with us if you need help on the subject.