Guidance on Appropriate Qualifications for DPOs

Article 37.5 of the GDPR provides that a Data Protection Officer “shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article39. This guidance elaborates on the considerations controllers should take into account when assessing the level of knowledge and qualification which they need to ensure their DPO possesses.

Guidance on Appropriate Qualifications for a Data Protection Officer (GDPR) - Full Guidance Note