
Data Protection Officer (DPO)

With GDPR now in place, many companies still do not fully understand the necessity of hiring a DPO or the DPO's responsibilities. In this article, we will touch on the DPO’s role within the company.

According to GDPR, a data protection officer (DPO) is a position within a corporation that acts as an independent advocate for the proper care and use of customers’ information. Under the GDPR, you must appoint a DPO if:

  • you are a public authority or body (except for courts acting in their judicial capacity);
  • your core activities require large scale, regular and systematic monitoring of individuals (for example, online behavior tracking);
  • your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.

 

This applies to both controllers and processors. You can appoint a DPO if you wish, even if you are not required to. If you decide to voluntarily appoint a DPO, you should be aware that the same requirements of the position and tasks apply as if the appointment had been mandatory. If you decide that you don’t need to appoint a DPO, either voluntarily or because you don’t meet the above criteria, it’s a good idea to record this decision to help demonstrate compliance with the accountability principle.

The DPO’s tasks are defined in Article 39 as:

  • to inform and advise you and your employees about your obligations to comply with the GDPR and other data protection laws;
  • to monitor compliance with the GDPR and other data protection laws, and with your data protection policies, including managing internal data protection activities, raising awareness of data protection issues, training staff and conducting internal audits;
  • to advise on, and to monitor, data protection impact assessments;
  • to cooperate with the supervisory authority; and
  • to be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers etc.).

 

As long as the professional duties of the employee are compatible with the duties of the DPO and do not lead to a conflict of interests, you can appoint an existing employee as your DPO rather than creating a new post. You can also contract out the role of DPO externally, based on a service contract with an individual or an organization. It is important to be aware that an externally appointed DPO should have the same position, tasks and duties as an internally appointed one.

Appointing a DPO is just one of the most important GDPR requirements that need to be considered. If you’d like to re-assess your entire GDPR compliance status and make sure that, in case of an external audit, you can show comprehensive documentation covering all areas impacted by GDPR and your progress level, subscribe to www.gdprq.eu and get exactly what you need: a full assessment report on GDPR status in your organization, together with tailor-made recommendations for further steps where required. Check it now at the link below:

www.gdprq.eu


Website last modified: 2018.06.29