We are a small tech company from the USA. Our company purchased the EU GDPR kit, and now we would like to appoint our DPO internally. If he takes your DPO training can we officially point him? or should we still contract an external DPO?
Yes, you can appoint an internal Data Protection Officer (DPO) who should have knowledge in GDPR and data protection legislation.
Article 38 GDPR does not prescribe the position as internal or external, the choice is left up to the controller. It is important the person appointed has the independence from the board and the professional skills to perform tasks listed in Article 39 GDPR.Our course and the final exam can demonstrate that the appointed DPO has sufficient knowledge to perform the tasks.
Here you can find more information on the role of DPO: