Data Protection Officers
Notify the Data Protection Commission of your DPO
As of 25 May 2018, the GDPR is the primary piece of legislation governing data protection. The requirement that existed under the previous legislative regime for organisations to register their data processing activities with the DPC no longer applies under GDPR. Accordingly, as of 25 May 2018 organisations will no longer be obliged to submit an application for registration of their data processing activities to the DPC and pay the applicable fee. Also, GDPR removes the requirement for the DPC to maintain a public register of such processing activities.
Notification of Data Protection Officers:
Under the GDPR, certain organisations are required to appoint a designated Data Protection Officer (DPO). Organisations are also required to publish the details of their Data Protection Officer and provide these details to their national supervisory authority.
An organisation is required to appoint a designated data protection officer where:
- the processing is carried out by a public authority or body;
- the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale; or
- the core activities of the controller or the processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences.
- Further guidance on the DPO role is available here