Data Protection Officer (DPO) - European Data Protection Supervisor

Uploaded by

MUOZI HATA

European Data Protection Supervisor

 > … > Reference Library > Data Protection Officer (DPO)

Data Protection Officer (DPO)

What you should know about the Data Protection Officer


The primary role of the data protection officer (DPO) is to ensure that her organisation processes the personal data of its staff, customers,
providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules. In the EU
institutions and bodies, the applicable Data Protection Regulation (Regulation (EU) 2018/1725) obliges them each to appoint a DPO. Regulation
(EU) 2016/679, which obliges some organisations in EU countries to appoint a DPO, will be applicable as of 25 May 2018.

Appointing a DPO
The appointment of a DPO must of course be based on her personal and professional qualities, but particular attention must be paid to her
expert knowledge of data protection. A good understanding of the way the organisation operates is also recommended.

Position of the DPO in the organigramme


The DPO is an integral part of the organisation, making her ideally placed to ensure compliance. Nevertheless, the DPO should be able to
perform her duties independently. In the EU institutions and bodies, there are a number of assurances guaranteeing this independence:

1. The applicable rules for EU institutions and bodies expressly provide that the DPO shall not receive any instructions regarding the
performance of her duties;

2. There must not be a conflict of interest between the duties of the individual as a DPO and her other duties, if any. To avoid conflict, it is
recommended that:
- a DPO should not also be a controller of processing activities (for example if she is head of Human resources)
- the DPO should not be an employee on a short or fixed term contract
- a DPO should not report to a direct superior (rather than top management)
- a DPO should have responsibility for managing her own budget.

3. The organisation must offer staff and resources to support the DPO to carry out her duties. In this respect, DPOs in EU institutions and
bodies can be seconded by an assistant or deputy DPO, and can rely on data protection coordinators (DPCs) in each section of the
organisation. Access to resources also includes training facilities.

4. The DPO should have the authority to investigate. In EU institutions and bodies, for instance, DPOs have immediate access to all personal
data and data processing operations; those in charge are also required to provide information in reply to her questions.

5. A minimum term of appointment and strict conditions for dismissal must be set out by the organisation for a DPO post. In the EU
institutions and bodies, the DPO is appointed for a period between three and five years, may be reappointed and can be dismissed only with
the consent of the EDPS.

Tasks of the DPO


The DPO has to ensure that the data protection rules are respected in cooperation with the data protection authority (for the EU institutions and
bodies, this is the EDPS). In the EU institutions and bodies, the DPO must:

Ensure that controllers and data subjects are informed about their data protection rights, obligations and responsibilities and raise awareness about them;

Give advice and recommendations to the institution about the interpretation or application of the data protection rules;

Create a register of processing operations within the institution and notify the EDPS of those that present specific risks (so-called prior checks);

Ensure data protection compliance within her institution and help the latter to be accountable in this respect;

Handle queries or complaints on request by the institution, the controller, other person(s), or on her own initiative;

Cooperate with the EDPS (responding to his requests about investigations, complaint handling, inspections conducted by the EDPS, etc.);

Draw the institution's attention to any failure to comply with the applicable data protection rules.

Useful information under Regulation (EC) 45/2001


List of the DPOs appointed by the EU institutions and bodies:
https://secure.edps.europa.eu/EDPSWEB/edps/site/mySite/DPOnetwork

The following non-exhaustive list is a selection of documents for further reading about DPOs:

Report on the Status of Data Protection Officers

Professional Standards for Data Protection Officers of the EU institutions and bodies

Survey on the function of DPC at the EU Commission
