Commentary

(6) Appointment of a data protection officer (DPO)

Division AII Contract of Employment
| Commentary

(6) Appointment of a data protection officer (DPO)

| Commentary

(6)     Appointment of a data protection officer (DPO)

Employers must appoint, or designate, a data protection officer (DPO) in any case where (UK GDPR art 37):

  1.  

    —     the employer's primary business objectives (core activities) consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale;

  2.  

    —     the employer's primary business objectives (core activities) consist of processing on a large scale of special categories of data (see para [194.81]) or personal data relating to criminal convictions and offences (see para [20.16]);

To continue reading
Analyse the law and clarify obscure passages all within a practical context.