Assign topic to the user
Answer:
The EU GDPR requires the appointment of a formal Data Protection Officer (DPO) only in certain cases which are listed under article 37 (https://advisera.com/eugdpracademy/gdpr/designation-of-the-data-protection-officer/). So, if the company you are representing does not find itself in the in the situations described in the article mentioned above you don’t need to have a dedicated DPO and you are not required to have any document in place to back up this fact.
This, however, doesn't mean that the company can leave aside the EU GDPR. Data protection specific tasks can be given to different members of the organizations such as Legal Counsels, HR specialists , IT security specialists etc. or the tasks can be outsourced to a specialized third party.
Just make sure that those members of the organization you select for the data protection tasks have at least some knowledge about the EU GDPR and other relevant data protection laws.
Comment as guest or Sign in
Jan 05, 2018