
DPO : Definition & missions


DPO : Definition

The Data Protection Officer (DPO) is the person in charge of personal data protection in public or private organisations. This function previously existed in only a few companies, but the GDPR enshrines it, makes it mandatory in certain cases and provides a framework for it.

For organizations where such a designation is mandatory, the DPO is the advisor and privileged intermediary with the CNIL for managing compliance with the GDPR.

Moreover, an assessment made after one year of application of the GDPR shows that VSEs/SMEs are increasingly using the DPO function to protect themselves from the risks and constraints imposed by the GDPR.

Indeed, appointing an internal collaborator to carry out this function is good practice, if not a sine qua non condition for ensuring compliance management and avoiding financial penalties.

What are the missions of the DPO?

The DPO ensures data protection compliance within his or her organization. As such, the DPO must:

Inform and advise the organization in which he or she works and the organization’s employees.

Check compliance with the regulation and national law on the protection of personal data.

Propose that the organisation carry out a data protection impact assessment and ensure its execution.

Be available to answer questions from the data subjects.

Ensure cooperation with the local supervisory authority.

The DPO is therefore an essential and highly recommended function to enable an organisation processing personal data to ensure that it complies with the applicable regulations on the protection of personal data.

DPO: mandatory or not?

Not all organisations, private or public, are obliged to appoint a Data Protection Officer within their structure. However, appointing a DPO is strongly recommended by the CNIL. The DPO acts as an advisor and allows you to manage your GDPR compliance.

Section 37.7 of the GDPR provides for the designation of a DPO in 3 specific cases:

When the processing is carried out by a public authority or body.

When the main activities of the controller and the processor involve regular large-scale monitoring of the data subjects by the processing operations.

When the main activities of the controller and the processor involve large-scale processing of categories of sensitive data (health data, biometric data, etc.) or personal data relating to criminal convictions and offences.

The skills and means to exercise the DPO profession

Before designating a DPO, the organisation must ensure that the DPO meets the following three conditions:

1. The DPO must have the skills required to perform the function (in-depth knowledge of legislation, a good knowledge of the internal organisation and the needs of the organisation, a good knowledge of information systems).

2. The DPO must have sufficient resources to carry out the function (access to useful information; availability; sufficient time to carry out the missions; adequate material and human resources).

3. The DPO must act in complete independence (there must be no conflict of interest where the DPO function is combined with another function, no sanctions in the context of the DPO activity, no hierarchical instruction in the context of the DPO activity, …).

Finally, it is necessary to declare your DPO to the competent supervisory authority. For France, the CNIL has created an online declaration.
