The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR's primary aim is to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

What you should know about the Data Protection Officer

The primary role of the Data Protection Officer (DPO) is to ensure that her organisation processes the personal data of its staff, customers, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules. In the EU institutions and bodies, the applicable Data Protection Regulation (Regulation (EU) 2018/1725) obliges them each to appoint a DPO. Regulation (EU) 2016/679, which obliges some organisations in EU countries to appoint a DPO, will be applicable as of 25 May 2018.

Appointing a DPO

The appointment of a DPO must of course be based on her personal and professional qualities, but particular attention must be paid to her expert knowledge of data protection. A good understanding of the way the organisation operates is also recommended.

We offer services such as GDPR Audit, GDPR Implementation and Consultancy, DPO-AS-A-SERVICE.