Assign topic to the user
Answer:
The responsible person to ensure that the inventory of processing activities would be the Data Protection Officer is the organization is bound to have one based on its processing activities.
Appointment of a DPO is necessary if (a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; or (b) the core activities of the legal entity consist of processing operations which, by their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or (c) the core activities of the legal entity of processing on a large scale of special categories of data pursuant to Article 9 of the EU GDPR - “Processing of special categories of personal data” ( https://advisera.com/eugdpracademy/gdpr/processing-of-special-categories-of-personal-data/) and personal data relating to criminal convictions and offences referred to in Article 10 of the EU GDPR – “Processing of personal data relating to criminal convictions and offences”( https://advisera.com/eugdpracademy/gdpr/processing-of-personal-data-relating-to-criminal-convictions-and-offences/).
If you don’t need a DPO and don’t want to appoint one, then the task of managing the data inventory can be undertaken by another person within the organization.
Comment as guest or Sign in
Mar 20, 2018