Q&As

Is a Housing Association required to have a Data Protection Officer or is it just recommended as good practice?

read titleRead full title
Published on LexisPSL on 04/02/2019

The following Risk & Compliance Q&A provides comprehensive and up to date legal information covering:

  • Is a Housing Association required to have a Data Protection Officer or is it just recommended as good practice?

Is a Housing Association required to have a Data Protection Officer or is it just recommended as good practice?

Article 37 of Retained Retained Regulation (EU) 2016/679, UK General Data Protection Regulation (UK GDPR) requires a data controller or processor to appoint a data protection officer (DPO) where any of the following apply:

  1. the processing is carried out by a public authority or body, other than a court acting in its judicial capacity

  2. the core activities of the controller or processor consist of:

    1. processing operations which, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale, or

    2. processing on a large scale of special categories of data (ie sensitive personal data) or personal data relating to criminal convictions and offences

  3. otherwise required by EU or Member State law

For further information, see Practice Note: Data protection

Popular documents