Data protection officers – new guidelines

After the first set of guidelines on data transfers to third countries, the second set of guidelines has now ‎been issued – this time concerning data protection officers.‎

The Danish Data Protection Agency, the Danish Agency for Digitisation, the Danish Business Authority and ‎the Danish Ministry of Justice have now issued the second set of the guidelines on the provisions of the ‎General Data Protection Regulation which will be issued during the period until January 2018. This time, ‎the guidelines concern DPOs. Click here to see a Danish version of the guidelines. ‎‎‎

The guidelines explain the requirements of the GDPR with regard to appointment of DPOs and describe ‎the tasks, qualifications, position and involvement of DPOs. ‎

From a HR law perspective, it is established, by way of example, that private businesses will typically ‎process sensitive personal data (e.g. data on health and trade union membership), but that this does not ‎in itself require the business to appoint a DPO.‎

In connection with the above, the Article 29 Working Party (A29 WP), which consists of representatives ‎from the individual national European data protection agencies, has already issued an announcement ‎concerning the role of the DPO, which is available here.

The content of the above is not, and should not be a substitute for legal advice.

More about the subject