It's time for organizations to decide whether they need a chief data protection officer
Posted: Wed Feb 12, 2025 8:44 am
itWeek №7 (943) December 18, 2018
Alex Sidorov | 07.12.2018
Appointing a data protection officer (DPO) is a key requirement of the European GDPR. But it's also an opportunity for your company to stand out, writes ERP Maestro CEO Jody Paterson on InformationWeek.
The deadline to comply with the EU General Data Protection Regulation (GDPR) has long passed, and we are adjusting to life under European law. While the new rules aim to give EU citizens more control over their personal data, the borderless global economy means that GDPR will affect every company doing business in Europe or collecting data about EU citizens.
Companies that violate the GDPR will be fined €20 million or 4% of global revenues, whichever is higher. One of the requirements is the appointment of a DPO. The GDPR introduces such a position and makes it mandatory for companies that meet certain criteria.
Do you need a DPO?
First, you need to figure out whether your company needs a DPO. It depends on how you process data, how much data you process, and how you store it. According to Article 37 of the GDPR, a DPO is required in the following cases:
data processing is carried out by a government agency;
the controller's or processor's primary activity is to carry out operations that require regular and systematic processing of data on a large scale, or
the main activity of the controller or processor is the processing of sensitive data on a large scale (Article 9) or data relating to judicial decisions or offences (Article 10).
But even with these clarifications, the answer is not always clear, as Daniel Newman, principal analyst at Futurum Research, points out. Unfortunately, there is no clear definition of “large scale.” Newman recommends creating a DPO if your company regularly collects and processes large volumes of personal data about EU citizens and does not destroy it after use.
What to Consider If You Need a DPO
It is important that the DPO maintains independence in assessing data privacy and does not create conflicts, and that your data protection and compliance measures meet today's standards.
The DPO must report to the top management without any intermediate links.
Who should be appointed to this position? According to Art. 37, the DPO can be an employee of the controller or processor, and can also work under a contract. Many organizations simply expand the functions of one of the employees. This is often the most effective solution for small businesses. Such a person must undergo appropriate training. There are training programs for obtaining a DPO certificate.