Data Protection Officer

From Wikipedia, the free encyclopedia

The Data Protection Officer (DPO) ensures, in an independent manner, that an organization applies the laws protecting individuals’ personal data. The designation, position and tasks of a DPO within an organization are described in Articles 37,[1] 38[2] and 39[3] of the EU General Data Protection Regulation (GDPR).[4]

According to the GDPR, the Data Protection Officer shall report directly to the highest management level. This doesn’t mean the DPO has to be line-managed at this level, but they must have direct access to give advice to the senior managers who make decisions about personal data processing.[5]

The core responsibilities of the DPO include ensuring that the organization is aware of, and trained on, all relevant GDPR obligations; conducting audits to ensure compliance and to address potential issues proactively; and acting as a liaison between the organization and the public regarding all data privacy matters.[6]

In Germany, since 2001, the DPO has had additional protection against dismissal, so as to prevent companies from discharging a DPO who is simply doing their job.[7] Since May 2018, the GDPR has introduced similar protections across the EU (GDPR, Article 38).


  1. ^ "GDPR Art.37". Intersoft. Retrieved 26 April 2018.
  2. ^ "GDPR Art.38". Intersoft. Retrieved 26 April 2018.
  3. ^ "GDPR Art.39". Intersoft. Retrieved 26 April 2018.
  4. ^ "GDPR Official Text". EU Commission. Retrieved 26 April 2018.
  5. ^ "Data protection officers". ICO. Retrieved 9 May 2018.
  6. ^ "What is a Data Protection Officer?". TrueVault. TrueVault.
  7. ^ "What will mandatory DPOs look like under the GDPR". IAPP. Retrieved 26 April 2018.
