Go back to the main page of the Data Protection Guidance for the organisers
Data Protection Guidance - Question 8
What is the role of a Data Protection Officer (DPO)?
When should you designate a Data Protection Officer?
The designation of a Data Protection Officer (DPO) is legally required in particular where sensitive data are being processed on a large scale.
The DPO may be a staff member of your organisation or may be contracted externally based on a service contact. A DPO can be an individual or an organisation.
What are the tasks and responsibilities of a Data Protection Officer?
The DPO assists the controller in all issues relating to the protection of personal data. The tasks and responsibilities of the DPO are explained in detail the EDPB Guidelines on Data Protection Officers.
If this position is established, the contact details of the DPO will be communicated at the web address of the initiative in the European citizens’ initiative Register and in the privacy statement
PLEASE NOTE:
For the processing operations for which the Commission is responsible under the joint controllership agreement (Case scenario 1), the DPO of the Commission monitors the implementation by the Commission of its obligations under the EUDPR. Organisers may appoint a DPO in accordance with Article 37 of the GDPR in relation to their responsibilities as a (joint) controller.
References:
- Articles 37-39 of the GDPR
- EDPB Guidelines on Data Protection Officers
