The position of Data Protection Officer (DPO) was introduced by the new European regulation on personal data protection (Art. 37 of the GDPR). The DPO is appointed by the data controller or data processor and his/her appointment must be disclosed to the National Supervisory Authority.
It is mandatory to appoint a DPO when:
The DPO establishes the company's privacy policy (to be ratified by management), drafting instructions to which employees can refer for an unambiguous interpretation of the application of the law.
The DPO may be in-house or external; in the latter case, the DPO may be a company or a consultant specialising in personal data protection issues
Faro is the right partner and offers its expertise in personal data protection legislation and practice.