Organisations may appoint a DPO on a voluntary basis - i.e. where they are not legally required to. An organisation, which does not wish to designate a DPO on a voluntary basis and is not legally required to designate a DPO, may employ staff or outside consultants with tasks relating to the protection of personal data. In this case it is important to ensure that there is no confusion regarding their title, status, position and tasks. Therefore, it should be made clear, in any communications within the company, as well as with data protection authorities, data subjects, and the public at large, that the title of this individual or consultant is not a ‘DPO'
The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018