The controller and the processor shall designate a data protection officer in any case where:
- the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
- the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
- the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10
In the GDPR compliance app, you will find a section where you confirm your decision to appoint, complete the DPO's details and maintain a checklist.
Read more about demonstrating compliance here
The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018