Enabling Customer Centricity

Do you need to appoint a Data Protection Officer?


To achieve GDPR compliance it may be required to appoint a person to oversee all data-protection related procedures. A Data Protection Officer:

  • Is knowledgeable about all aspects of GDPR
  • Does not receive instructions regarding the performance of their duties
  • Does not report to a direct superior (other than top management)
  • Has full access to all necessary resources within the organization needed to complete their tasks
  • Has the authority to investigate personal-data-related operations


A Data Protection Officer MUST be appointed in the case of: 

  1. public authorities, or
  2. entities that engage in large scale systematic monitoring, or
  3. entities that engage in large scale processing of sensitive personal data.


If you don’t fall into one of these categories, then you do not need to appoint a Data Protection Officer but it is important to define one person in your organization who will cover the requirements that make a DPO needed.

Was this article helpful?
0 out of 0 found this helpful

Have more questions? Submit a request