The New (And Misunderstood) Role of the GDPR Data Protection Officer

Regulation (EC) 45/2001 of the EU’s GDPR requires organizations that operate in a member state to appoint a data protection officer (DPO).
The GDPR data protection officer’s role is basically that of a compliance-focused data coordinator, ensuring that the organization’s processing of personal information is not going to infringe on the rights and freedoms of the data subjects.

There is definitely a lot of confusion over this new position. First of all, who is required to have one? All EU public bodies and authorities must have one along with any company processing data involving medical matters or criminal offences, but beyond that things become less clear.

Private companies are only required to appoint a Data Protection Officer if they engage in “core activities” that require “large scale” and “systematic” monitoring of data subjects. The size of an organization doesn’t matter as much as the volume of personal data it is handling.

Read entire article The New (And Misunderstood) Role of the GDPR Data Protection Officer  | Scott Ikeda | CPO Magazine

Leave a comment

%d bloggers like this: