Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)
Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)
Section 5.1 Which organisations must appoint a DPO?
The designation of a DPO is an obligation:
-
if the processing is carried out by a public authority or body (irrespective of what data is being processed)
-
if the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale
-
if the core activities of the controller or the processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences