Who needs a DPO?

Under the GDPR, certain organisations are required to appoint a designated Data Protection Officer (DPO). Organisations are also required to publish the details of their DPO and provide these details to their national supervisory authority.

An organisation is required to appoint a designated data protection officer where:

  • the processing is carried out by a public authority or body;
  • the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale; or
  • the core activities of the controller or the processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences.

Further guidance on the DPO role is available here.

To notify the DPC of your DPO please complete and submit the following form.

Please see our guidance note Data Protection Officer Register, which answers some of the most frequently asked questions related to the register.