Assign topic to the user
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
(a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; (b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or EU General Data Protection Regulation Official Journal of the European Union 4 May 2016 Page 30 of 68
(c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.
In absence of those conditions, I suppose that the appointment of a DPO is NOT obligatory?
Answer:
Exactly, if a company/entity does not find itself in the situations described at article 37 of the EU GDPR - Designation of the data protection (https://advisera.com/eugdpracademy/gdpr/designation-of-the-data-protection-officer/) then it does not need to appoint a Data Protection Officer.
To find out more about the role of the Data Protection Officer you can check out free GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Comment as guest or Sign in
Mar 23, 2018