Specialists in European Privacy Recruitment
FAQS ABOUT THE APPOINTMENT OF DATA PROTECTION OFFICERS
(under the EU General Data Protection Regulation ('GDPR', 'Regulation'))
This document has been prepared by DPO Network Europe for informational purposes only. The content of this document does not constitute legal advice and should not be relied upon as such. Please check with your legal counsel when in any doubt about understanding your rights and obligations in order to comply with the law and regulations.
Q1: Our company is based in the EU. Does this DPO provision apply to us?
You are required to appoint a DPO for your business if the core activities of your company consist of personal data processing which
Please note carefully that even if none of the situations apply to your processing, you (or the body representing you, if you are not established in the EU but process data of individuals who are in the EU) may still have to appoint a DPO if this is required by the law of the Member State to which your processing relates.
Check out the GDPR DPO Appointment Decision Tree!
Q2: Our company is not based in the EU. Do we ALSO need to appoint DPOs?
Step 1: First establish whether your company is subject to the Regulation. Your non-EU based company will be subject to this Regulation if you are processing EU personal data as a consequence of:
Step 2: Once you have assessed that your non-EU based company is subject to the Regulation, you must assess whether you have to appoint a DPO by applying the criteria in Question 1.
Check out the GDPR DPO Appointment Decision Tree!
Q3: Is there any further clarity on the tasks, required profile and the position of the DPO?
Yes. The Regulation defines the minimum tasks of a DPO. In addition, it provides some clarity on the DPO's position within an organization, such as his/her reporting line, the manner in which the job must be performed and your duties to facilitate the work.
Q4: What are the tasks of a DPO?
Your DPO will
Q5: What is the job holder profile?
You must designate a DPO on the basis of professional qualities and, in particular, expert* knowledge of data protection law and practices and ability to fulfil the tasks above.
* When defining the necessary level of knowledge, organizations are recommended to consider their type of data processing and the level of protection it requires.
Q6: Can we assign one of our employees as our DPO?
Yes. However, you must ensure that the other professional duties of this employee are compatible with his/her new duties as DPO and do not result in a conflict of interests.
Q7: What is the minimum period for a DPO appointment?
There is no prescriptive rule on the length of this tenure.
Q8: Could we appoint a single DPO for a group of companies?
Yes. A group of sister companies may appoint a single DPO provided that the DPO is easily accessible from each establishment.
Q9: Do we need to have an 'in-house' DPO on an employment contract?
No. You can also recruit and appoint an external DPO who will work on the basis of a service contract.
Q10: Who should our DPO report to?
Your DPO must report directly to the highest management level of your organization. (S)he must be in a position to perform tasks in an independent manner, should not receive any instructions regarding the exercise of his/her tasks, and may not be dismissed or penalized for performing those tasks.
Q11: What other duties do we have as an employer?
You must
Q12: Anything else we need to know?
While performing his/her tasks your DPO has to consider the risk associated with the processing operations, taking into account the nature, scope, context and purposes of the processing. Your DPO will also be bound by secrecy or confidentiality concerning the performance of his or her tasks.
Q13: What if we fail to follow these provisions?
Violation of the DPO-related provisions of the Regulation may result in huge administrative fines (up to 10 000 000 EUR, or up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher).
Q14: We are looking to recruit a DPO for our European business. How do we find the right talent as soon as possible?
We can help! DPO Network Europe is Europe's distinctive recruitment brand in data protection & privacy. Thanks to our growing candidate network of experienced in-house and external DPOs across Europe, we are able to connect you to the right talent wherever your vacancy is based.
Learn how we assist businesses with:
- in-house DPO recruitment
- external (contract) DPO recruitment
GOT A QUESTION ABOUT FINDING DPOS IN EUROPE?
OR DO YOU HAVE A DPO VACANCY TO FILL RIGHT NOW?