{1 - 24} GreyGrey
{25 - 49} GreenGreen
{50 - 499} BlueBlue
{500 - 4999} OrangeOrange
{5000 - 24999} RedRed
{25000+} BlackBlack

Please confirm that you would like to report this for an admin to review.


Does Every Company Need to Appoint a GDPR Data Protection Officer?



Confirm that you would like to Remove Email Alerts for your question. You cant undo this and you will not be able to re-subscribe.


1 Answer

The concept of a ‘Data Protection Officer’ (“DPO”) for organizations processing personal data has been alive and well for many years – already a mandatory requirement in some countries and best practice in others.

However, for the first time, the appointment of a DPO will be mandatory under the General Data Protection Regulation (“GDPR”) for many organizations regardless of their size or whether they are processing personal data in their capacity as a controller or a processor. But before you all rush out to recruit a DPO – stop, breathe and read this blog – you may be panicking unnecessarily.

Under the GDPR, there are three main scenarios where the appointment of a DPO by a controller or processor is mandatory:

The processing is carried out by a public authority;
The core activities of the controller or processor consist of processing operations which require regular and systematic processing of data subjects on a large scale; or
The core activities of the controller or processor consist of processing on a large scale of sensitive data or data relating to criminal convictions/ offenses.

Confirm that you would like to select this answer as the "Best Answer" to your question. This will bring this answer to to top and be highlighted as "Best Answer". You can always change this if a better answer is given.


You must be Logged In to Answer this Question

Already a Member, Log In
Not a member yet? Sign Up
happy wheels