DLP Insights

Early indications from the Data Protection Authority on how to select a Data Protection Officer

Categories: DLP Insights, Practice | Tag: Data Protection Officer, Experiences, Responsabile della protezione dei dati, Regulation, Authority, Competences

26 Sep 2017

The Data Protection Regulation 2016/679, which will become fully effective on 25 May 2018, has introduced among others the figure of Data Protection Officer (DPO). In consideration of the first requests for clarifications on their appointment, the Data Protection Authority, in its Newsletter no. 432 of 15 September 2017, has provided specific indications. In particular, the Authority has clarified that the public administrations, as well as private entities, when selecting a Data Protection Officer, must verify that they have specific competences and experiences, and that, on the contrary, no formal certifications of professional knowledge or registrations in proper rosters are required. In the opinion of the Authority, a DPO must in fact have a profound knowledge of the legislation and standard practice on privacy, and of the peculiar administrative rules and procedures of the relevant sector.  In any case, the Authority has reserved the right to provide further indications following the questions and requests for clarification on the Regulation, gathered during specific meetings that the Authority will hold with public and private entities.

More insights