Perspectives

The Role of the Data Protection Officer

Under the GDPR, it is a requirement for certain data controllers and data processors to designate a DPO for their organisations. The designated DPO will play a leading and crucial role in implementing an effective data protection framework that complies with the new requirements as set out under the GDPR.

The Article 29 Working Party (WP29) adopted guidance on the role of the Data Protection Officer (DPO) under GDPR. What are the key criteria around the mandatory designation of a DPO? The Article 29 Working Party (WP29) brings clarifications.

Under Article 37(1) of the GDPR, data controllers and processors must designate a DPO in any case where:

The processing is carried out by a public authority or body except for courts acting in their judicial capacity;
The core activities of the controller or processor consist of processing operations which require regular and systematic monitoring of data subjects on a large scale;
The core activities of the controller or processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences.

Read the brochure!

Audit & Assurance

Financial Advisory

Consulting

Legal

Tax

Risk Advisory

Deloitte Private

Consumer

Energy, Resources & Industrials

Financial Services

Life Sciences & Health Care

Public Sector

Technology, Media & Telecommunications

Real Estate & Construction

Job Search

Deloitte Alumni

Students & Graduates

Experienced hires

Diversity & Inclusion at Deloitte Romania

Deloitte Technology Delivery Center

Regional Audit Delivery Center

Tax & Legal Delivery Centre

The Role of the Data Protection Officer

Recommendations