Abstract

In connection with appointment of a data protection officer the appointing entity (controller or processor) needs to take organizational measures and information activities ensuring correct performance of the officer’s function. The organizational measure consists in setting internal rules concerning the status, responsibilities and powers of a data protection officer. Those rules are principally aimed at making the GDPR provisions more specific, while other information activities include publication of DPO’s contact data, informing the staff of the appointing entity of DPO’s appointment and inclusion of information on DPO’s contact data in information clauses meant for data subjects.