Even when the GDPR does not specifically require the appointment of a DPO, organisations may sometimes find it useful to designate a DPO on a voluntary basis. The Article 29 Data Protection Working Party (‘WP29’) encourages these voluntary efforts. In addition to facilitating compliance through the implementation of accountability tools (such as facilitating or carrying out data protection impact assessments and audits), DPOs act as intermediaries between relevant stakeholders (e.g. supervisory authorities, data subjects, and business units within an organisation).
NOTE: if an organisation voluntarily appoints a DPO it will automatically bring all the provisions of the GDPR into effect.
The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018