GDPR 11. Data Protection officers

GDPR 11. Data Protection officers

November 6, 2017


A Data Protection Officer must be appointed in an organisation under certain circumstances:

  • A public authority, except judicial courts

  • Organisations performing monitoring of individuals on a large scale

  • Organisations that process large volumes of special categories of data, such as health or criminal records.

A Data Protection Officer can act for a company or a group of companies, but it is important that he has the skills to perform as a DPO.


Obligations of a DPO


  • Inform the organisation and its employees of their obligations to comply with the GDPR and other Data Protection laws

  • Monitor compliance, including with the GDPR, including managing data protection activities, impact assessments, training, and internal audits.

  • And to be the first point of contact for external authorities as well as individual's who's data is being processed and should be protected by the organisation.

Reporting structure for the DPO


The DPO should report directly to the highest authority in the organisation (ie: The Board)

The DPO should operate independently and cannot be dismissed or penalised for doing their job

They should have adequate resources to be able to perform his duties to meet the GDPR obligations.


A Data Protection officer does not need to have a specific qualification, the GDPR does not specify it, but they need to have good knowledge of the data protection law, which is essential for them to be able to fulfil their obligations under the GDPR.


GDPR is coming into force on 25th May 2018


< 10. Data Protection by Design       12. International > 





Please reload

Recent Posts

Please reload


Please reload


Please reload



Horsham, UK



+44 1403 801 001