Article 37
EU GDPR
"Designation of the data protection officer"

=> Recital: 97
=> administrative fine: Art. 83 (4) lit a
=> Dossier: Data Protection Officer

1. The controller and the processor shall designate a data protection officer in any case where:

(a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;

(b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
=> Recital: 24
=> Dossier: Extensive Processing

(c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 or personal data relating to criminal convictions and offences referred to in Article 10.
=> Recital: 91
=> Dossier: Extensive Processing

NEW: The practical guide PrivazyPlan^® explains all dataprotection obligations and helps you to be compliant. Click here!

2. A group of undertakings may appoint a single data protection officer provided that a data protection officer is easily accessible from each establishment.
=> Dossier: Establishment, Group Of Undertakings

3. Where the controller or the processor is a public authority or body, a single data protection officer may be designated for several such authorities or bodies, taking account of their organisational structure and size.
=> Dossier: Group Of Undertakings

4. In cases other than those referred to in paragraph 1, the controller or processor or associations and other bodies representing categories of controllers or processors may or, where required by Union or Member State law shall, designate a data protection officer. The data protection officer may act for such associations and other bodies representing controllers or processors.
=> Dossier: Opening Clause

5. The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39.
=> Recital: 97

6. The data protection officer may be a staff member of the controller or processor, or fulfil the tasks on the basis of a service contract.

7. The controller or the processor shall publish the contact details of the data protection officer and communicate them to the supervisory authority.
=> Article: 39
=> Dossier: Reporting to supervisory authority, Obligation

BG - CS - DA - DE - EL - EN - ES - ET - FI - FR - GA - HR - HU - IT - LT - LV - MT - NL - PL - PT - RO - SK - SL - SV

Would you like to implement the EU General Data Protection Regulation step-by-step? Do you want clear explanations of specific issues and well-thought-out checklists? Do you want to ensure you are data-protection-compliant? If so the PrivazyPlan® is just what you are looking for.

© SecureDataService, Nicholas Vollmer, St.-Johannes-Str. 112, 41849 Wassenberg, Germany, +49 2432 93 44 20 - 0, info@privazyplan.eu (siehe Impressum / Datenschutz) (04.04.2023)

Article 37EU GDPR"Designation of the data protection officer"

Article 37
EU GDPR
"Designation of the data protection officer"