Short Reads

Countdown 9 weeks until GDPR : Will all companies be required to appoint a data protection officer?

Stibbe - Will all companies be required to appoint a DPO?

Countdown 9 weeks until GDPR : Will all companies be required to appoint a data protection officer?

22.03.2018 EU law

Only 9 more weeks to go before the GDPR becomes fully effective. Preparing your company for the application of this new regulation requires a correct understanding of its principles. Each week, we highlight one particular misconception regarding the interpretation of the GDPR.

Will all companies be required to appoint a data protection officer?

It is a common misunderstanding that all companies will be required by the GDPR to appoint a Data Protection Officer (“DPO”).

The designation of a DPO is only mandatory and thus only truly required for entities that act as a data controller or data processor in the three specific cases which have been described: (i) if the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; (ii) if the core activities (i.e., the primary activities or key operations that are necessary for achieving the goals of the controller or processor) consist of processing operations that require regular and systematic large-scale monitoring of data subjects, e.g., businesses that engage in profiling or tracking of online behaviour; or (iii) if the core activities consist of processing on a large scale the so-called “sensitive” categories of personal data, such as health data, biometric data, data revealing ethnic origin or religious beliefs, and information relating to criminal convictions. Additionally, Member State law may require the mandatory appointment of a DPO in other situations as well, as is already the case for Germany for example.

In other cases than those referred to above, the voluntary appointment of a DPO is merely recommended, thus not mandatory. Moreover, if an organization designates a DPO voluntarily, the requirements under the GDPR will fully apply to his or her designation, position, and tasks as if the designation were mandatory. This needs to be considered when deciding to appoint a DPO voluntarily.

 

Stibbe, together with Chiomenti, Cuatrecasas, GIDE and Gleiss Lutz, have gathered this useful information, reflecting some common misconceptions about the implementation of the GDPR.

Team

Related news

02.04.2020 NL law
Stibbe in Amsterdam answers questions from consumers, small business foundations and NGOs about the coronavirus

Inside Stibbe - In a special Q&A (in Dutch), lawyers from our Amsterdam office share their legal expertise and strive to provide answers to questions put to us by consumers, self-employed persons, enterprises large and small, foundations and NGOs as a result of the corona crisis.

Read more

18.03.2020 EU law
Stibbe: COVID-19

Short Reads - In view of the developments concerning the coronavirus, we hereby inform you of our business operations and the measures we take to ensure the continuity of our services to you.

Read more

12.03.2020 EU law
Stibbe sets up corona team

Inside Stibbe - The coronavirus (COVID-19) may have legal consequences for your business. We have set up a team of specialists who can provide insight into the legal implications of the virus.

Read more

10.03.2020 NL law
De AVG staat niet in de weg aan de verwerking van persoonsgegevens door een toezichthouder tijdens een bedrijfsbezoek

Short Reads - Bedrijven die met toezicht worden geconfronteerd, zijn gehouden op verzoek van een toezichthouder in beginsel alle informatie te verstrekken. Met de komst van de Algemene verordening gegevensbescherming (AVG) is in de praktijk de vraag opgekomen of een toezichthouder bevoegd is om persoonsgegevens die onderdeel uitmaken van de gevraagde informatie te verwerken.

Read more

This website uses cookies. Some of these cookies are essential for the technical functioning of our website and you cannot disable these cookies if you want to read our website. We also use functional cookies to ensure the website functions properly and analytical cookies to personalise content and to analyse our traffic. You can either accept or refuse these functional and analytical cookies.

Privacy – en cookieverklaring