Tag: Research

About 28,000 data protection officers are requiered to be appointed under the GDPR

20. April 2016

Article 37 of the GDPR states that data controllers and processors of personal information are required to appoint a data protection officer in cace:

(a)  The processing is carried out by a public authority or body (except courts); or

(b)  The controller’s or processor’s “core activities” require “regular and systematic monitoring of data subjects on a large scale” or consist of “processing on a large scale of special categories of data.”

A data protection officer is able to be appointed by a group, public authorities or individual legal entity. Article 39 of the GDPR requires that a data protection officer is “designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices”. Compliance, trainings on how to process data according to the law and the communication with the national authorities are part of the task area of a data protection officer.

Therefore, due to the GDPR organizations worldwide have to prepare for a number of new requirements in terms of data collection and processing. One particular requirement is that certain organizations will now have to appoint a data protection officer according to Arcticle 37 of the GDPR, as mentioned above. Research indicates the number of data protection officers required to be appointed under the GDPR will be about 28,000. This is an estimate based on official statistics regarding both public and private sector data controllers in the EU and taking further assumptions into account such assuming that US companies obliged to comply with the GDPR would also require a data protection officer, and of those companies who self-certified under Safe Harbor are likely included in that number.