What is a Data Protection Officer? 

A data protection officer (DPO) is an individual tasked with ensuring a company exhibits good data governance by maintaining compliance with GDPR and acting as a liaison between an organization and public authorities for all things GDPR. The DPO can be an employee within the company, or external to the company, but s/he must not be subject to conflict of interest claims because of his/her role within the company. In addition, the DPO should have access to senior management within the company and cannot be penalized for carrying out his/her responsibilities.

Below we’ve outlined a non exhaustive list of the DPO’s core responsibilities:

  • Ensuring his/her organization is aware of, and trained on, all relevant GDPR obligations
  • Training staff involved in data processing
  • Conducting audits to ensure compliance and address potential issues proactively
  • Acting as a liaison between his/her organization and public authorities
  • Acting as a liaison between the organization and data subjects
  • Monitoring performance and providing advice on the impact of data protection efforts
  • Maintaining comprehensive records of all data processing activities conducted by the company, including the purpose of all processing activities

While all of these responsibilities are designed around helping an organization be compliant with GDPR, the DPO does not need any formal training or expertise. Often times the DPO has a legal background, but there is no specific requirement for DPOs.

Have more questions about GDPR? Download our e-book. 

Download the GDPR Guide



This article is provided for general informational purposes only and is not intended to be legal advice.  By using the article, you agree that the information on this article does not constitute legal or other professional advice. The article is not a substitute for obtaining legal advice from a qualified attorney licensed in your state. The information on the article may be changed without notice and is not guaranteed to be complete, correct or up-to-date, and may not reflect the most current legal developments.