Appoint a Data Protection Officer (DPO)

Your company/organization needs to appoint a DPO if its core activities involve the use of sensitive data or systematic monitoring, on a large scale. In that respect, monitoring the behavior of individuals includes all forms of tracking and profiling on the internet, including for the purposes of behavioral advertising.

Public administrations must always appoint a DPO (except for courts acting in their judicial capacity).

The DPO may be a staff member of your organization or contracted externally via a service contact. A DPO can be an individual or an organization.


DPO mandatory

A DPO is mandatory for example when your company/organization is:

  • a hospital processing large sets of sensitive data;
  • a security company responsible for monitoring shopping centers and public spaces;
  • a small head-hunting company that profiles individuals.
  • DPO not mandatory

    A DPO isn’t mandatory if:

  • you’re a local community doctor and you process personal data of your patients
  • you have a small law firm and you process personal data of your clients