After the first set of guidelines on data transfers to third countries, the second set of guidelines has now been issued – this time concerning data protection officers.
The Danish Data Protection Agency, the Danish Agency for Digitisation, the Danish Business Authority and the Danish Ministry of Justice have now issued the second set of the guidelines on the provisions of the General Data Protection Regulation which will be issued during the period until January 2018. This time, the guidelines concern DPOs. Click here to see a Danish version of the guidelines.
The guidelines explain the requirements of the GDPR with regard to appointment of DPOs and describe the tasks, qualifications, position and involvement of DPOs.
From a HR law perspective, it is established, by way of example, that private businesses will typically process sensitive personal data (e.g. data on health and trade union membership), but that this does not in itself require the business to appoint a DPO.
In connection with the above, the Article 29 Working Party (A29 WP), which consists of representatives from the individual national European data protection agencies, has already issued an announcement concerning the role of the DPO, which is available here.
The content of the above is not, and should not be a substitute for legal advice.