Whether your organisation needs to appoint a Data Protection Officer (“DPO”) is regulated in article 37 GDPR. To help your organisation, we have created a Flowchart that can help you make a decision on whether a DPO is required or not.
Before we look whether a DPO is required, let’s briefly discuss what a DPO is. In short, you can imagine a DPO to be a mandatory, independent, and personified in-house supervisory authority, which informs, advises and monitors GDPR-compliance of your organisation.
You can use the following questions to determine whether you need a DPO.
Is it unclear whether your organisation is required to appoint an DPO? If so, you must document why you have chosen to do so or not.
Did you conclude that you need to appoint a DPO? At Privacy Company we offer DPO services for many clients. Contact us, we might be able to help you out as well. Keep in mind that if you are not required to appoint a DPO, you are still bound by the GDPR. We can also be of assistance regarding general GDPR questions.