Q&As

If a multinational company with entities in a number of EU states has registered a data protection officer (DPO) with the Information Commissioner’s Office (ICO), does it need to register a DPO in the other EU states where it has entities or is registration in one country sufficient?

read titleRead full title
Copyright © 2025 LexisNexis
Published by a LexisNexis Risk & Compliance expert
Published on: 12 November 2019
imgtext

Under Article 37 of the General data protection Regulation, Regulation (EU) 2016/679 (the GDPR), companies have to appoint a data protection officer (DPO) if certain conditions are met. The information commissioner’s Office (ICO) offers a simple questionnaire to determine if a mandatory DPO is required. Even if a DPO is not required, a voluntary appointment of a formal DPO is possible.

A group of companies may appoint a single DPO provided that the DPO is easily accessible from each establishment (Article 37(2) of the GDPR). According to the Article 29 Data Protection Working Party Guidelines on Data Protection Officers (the DPO guidelines), ‘easily accessible’ refers to being available internally within the organisation as well as externally to data subjects and supervisory authorities.

The GDPR requires the details of the DPO to be published

Alexander Dittel
Alexander Dittel

Partner, Wedlake Bell

Alex has over 10 years of experience in data privacy and commercial matters. He joined private practice in 2013. Previously, he worked for a start-up and later for Google, where he developed a deep understanding of what matters to clients most. He spent time on secondments at Amazon and Pfizer.
 
Alex supports clients with specialist advice on matters involving data in technology, transactions and disputes, as well as general data protection compliance and cyber security matters.
 
Alex offers a critical view on the proportionality of data processing in new technologies including AI and automated decision-making with a drive to finding appropriate solutions, expertise in mature legitimate interest assessments and adequate outcomes in data transfer impact assessments. He brings a measured approach to negotiating data protection aspects of transactions.
 
Alex supports clients from the technology sector, fintech, adtech, health, cloud, property, transport, social media and digital trading.

Read moreRead more
Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Key definition:
Data protection definition
What does Data protection mean?

In an employment context, this refers to the obligation on an employer to protect the data of its employees and ensure that it complies with the law on how it uses the employees' data.

Read more readmore

Popular documents

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

Late payment penalties—inheritance tax

Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit