4 min read

Writen by Zlatko Delev

Posted on: May 11, 2021

Data Protection Officer – Role and responsibilities

Data Protection Officer (DPO) is a new leadership role that is created with the enforcement of the General Data Protection Regulation (GDPR)

DPO is a cornerstone of accountability and appointing a DPO can facilitate compliance and competitive advantage for businesses- highly attractive traits.

The GDPR sets minimum responsibilities for a DPO that revolve around supervising the implementation of a data protection strategy, assuring compliance with GDPR, and other applicable data protection laws.

DPO also oversees the data privacy and data protection policies to ensure the operationalization of those policies through all organizational units and makes sure the organization processes personal data of data subjects (employees, customers, and other individuals) in a compliant way.

Article 39 of the GDPR outlines the DPOs’ core activities, tasks, and responsibilities:

  • Inform and advise the company (data controller or data processor) and employees how to be GDPR compliant and how to comply with other data protection laws
  • Manage internal policies and make sure the company is following them through
  • Raise awareness and provide staff training for any employees involved with processing activities
  • Provide advice regarding the data protection impact assessment and monitor its performance
  • Give advice and recommendations to the company about the interpretation or application of the data protection rules
  • Handle complaints or requests by the institutions, the data controller, data subjects, or introduce improvements on their own initiative
  • Report any failure to comply with the GDPR or applicable data protection rules
  • Monitor compliance with GDPR or other data protection law
  • Identify and evaluate the company’s data processing activities
  • Cooperate with the supervisory authority
  • Maintain the records of processing operations

DPO is not personally responsible for the GDPR compliance of the organization, it is always a controller or the processor who is required to demonstrate compliance.

GDPR does not specify exact qualifications for the Data Protection Officer, and there are no official certificates.

However, there are certain organizations that provide training and education, like the International Association of Privacy Professionals or IAAP that are considered to be valued in the data protection community.

DPOs’ place in the organization

DPO should be an integral part of your organizational structure and report directly to the highest management level, with access to the company’s data processing activities to truly ensure compliance, propagate data protection measures and perform assigned duties independently.

Companies are obligated to ensure that the DPO is involved properly and in a timely manner on issues related to the data processing activities within the organization.

There should be no conflict of interest between the DPO responsibilities and duties, and other duties within the organization.

Therefore, it is advised that the DPO should not operate any other role in the organization.

As a company, you can choose and appoint a DPO among the existing employees or you can outsource the role with an external DPO.

If your organization does not require a full-time DPO, you can appoint a DPO that can work half time as a DPO and half time in another role, provided that those roles are not in conflict with one other.

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.

Contact Us

Recent blogs

ISO 27001 Controls: A Comprehensive Step-by-Step Guide

Organisations in today's world filled with technology require a good information security setup and

Comparing Information Security Frameworks and Data Protection Frameworks

With cyber threats evolving at an unprecedented rate and regulations tightening globally, understan

EU AI Act Summary: Key Compliance Insights for Businesses

The EU AI Act is a pioneering attempt to regulate AI systems, striving for a balance between foster

Get Your Account Now

Setup in just a few minutes. Enter your company details and choose the services you need.

Create Account

Get In Touch

Not sure which option to choose? Call, email, chat to us

Contact Us

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.

Full Name is required!

Business Email is required!

Company is required!

Please accept the Terms and Conditions and Privacy Policy