A DPO is a data privacy officer: a person appointed in an organization to supervise data protection, privacy rights management and overall GDPR compliance.
DPO appointment is mandatory at every company if:
your core activities require large-scale, regular and systematic monitoring of individuals; OR
your core activities consist of large-scale processing of special categories of data or data relating to criminal convictions and offences.
For example, you need to have a DPO appointed if:
You collect or process sensitive personal data of over 5,000 people. Examples of sensitive data are health information (medical institutions, health insurance companies or brokers), data about political opinions, religious or philosophical beliefs, trade union membership (trade unions, employers), genetic data or biometric data (where used for identification purposes), and data concerning a natural person’s sex life or sexual orientation.
You process personal data of over 10,000 people in a way that may result in a high risk to the rights and freedoms of individuals, for example if you apply new technological solutions or AI (online shops, online platforms and applications), automated decision-making (creating credit reports and opinions, financial, credit or insurance service offers based on automated processing), verification services, credit or financial services to consumers, communication services (telephone, messages, e-mail), systematic monitoring, geolocation and behavior tracking.
You process personal data of over 50,000 persons (clients, users, website visitors, etc).
This applies to both controllers and processors.
If you have any questions on DPO functions or you need to know more about DPOs, contact julia.gramma@corelegal.eu.