Home Privacy Law GDPR Article 37 GDPR (Designation of The Data Protection Officer)

Article 37 GDPR (Designation of The Data Protection Officer)

Article 37 of GDPR: Data protection officer designation

Article 37 outlines the mechanics of designating a data protection officer.

When to designate a data protection officer (Article 37(1) GDPR)

Organizations should designate a data protection officer or DPO in any of the following instances:

  1. Data processing is being carried out by a public authority except for the judicial courts (Article 37(1)(a) GDPR)
  2. When an organization will require to process data by regularly and systematically monitoring of data subjects, on a large scale, as its core activity (Article 37(1)(b) GDPR)
  3. When an organization will want to process special categories of data, on a large scale, and personal data relating to criminal convictions and offences, as its core activity (Article 37(1)(c) GDPR)

DPO within a group of undertakings (Article 37(2) GDPR)

A company operating as a group has the option to appoint one single data protection officer provided that its DPO be readily accessible from each of its establishments.

DPO within a public authority (Article 37(3) GDPR)

A public authority or public body has the option to appoint one single data protection officer by taking into consideration the public authority organizational structure and size.

DPO for organizations representing categories of controllers or processors (Article 37(4) GDPR)

In the event a controller, processor, association or other bodies represent categories of data controllers or data processors, they may designate a DPO to act for such association or bodies representing the data controllers or processors.

Expertise of the data protection officer (Article 37(5) GDPR)

When appointing a data protection officer, organizations should consider the person’s qualifications for the position.

Particularly, the person’s expertise and knowledge of the data protection laws along with data protection practices are important.

The DPO must be able to carry out the tasks required of him under GDPR.

Relationship of DPO to the organization (Article 37(6) GDPR)

An organization may appoint a data protection officer either as part of its own employee headcount or hire an external organization providing DPO services.

Publication of data protection officer’s contact details (Article 37(7) GDPR)

Once a DPO is appointed, the organization must public the contact details of their DPO and communicate the person’s contact information to the supervisory authority.

Recitals applicable to Article 37 of GDPR

Relevant Recitals: 97

GDPR Regulation article-by-article overview

Read our comprehensive overview of the GDPR Regulation, article by article, where we summarize each of the 99 articles contained in GDPR to give you a complete understanding of its content.

Cited Legislation in Article 37 or relevant recitals

None

GDPR Text: Article 37 of GDPR and Relevant Recitals

GDPR Text Source: EUR-Lex

Official GDPR Text: General Data Protection Regulation 

Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJL 127, 23.5.2018, p. 2 ((EU) 2016/679)

Editorial Staff
Hello Nation! I'm a lawyer by trade and an entrepreneur by spirit. I specialize in law, business, marketing, and technology (and love it!). I'm an expert SEO and content marketer where I deeply enjoy writing content in highly competitive fields. On this blog, I share my experiences, knowledge, and provide you with golden nuggets of useful information. Enjoy!

Most Popular

What Is A Special Purpose Entity (All You Need To Know)

What Is A Special Purpose Entity (Explained: All You Need To Know)

What Is Corporate Raiding (Explained: All You Need To Know)

What Is Corporate Raiding (Explained: All You Need To Know)

What Are Golden Shares (Explained: All You Need To Know)

What Are Golden Shares (Explained: All You Need To Know)

What Is A Targeted Repurchase (Explained: All You Need To Know)

What Is A Targeted Repurchase (Explained: All You Need To Know)

What Is A Friendly Takeover (Explained: All You Need To Know)

What Is A Friendly Takeover (Explained: All You Need To Know)

Editor's Picks

What Is Umbrella Corporation (Explained: All You Need To Know)

What Is An Umbrella Corporation (Explained: All You Need To Know)

How To Start A Business In Delaware [Step-By-Step Ultimate Guide]

How To Start A Business In Delaware [Step-By-Step Ultimate Guide]

Corporate Office (Meaning: What It Is And Why It’s Important)

Corporate Office (Meaning: What It Is And Why It’s Important)

Anonymous LLC (What It Is And How It Works: Overview)

Anonymous LLC (What It Is And How It Works: Overview)

Types of Businesses (Best Overview of Business Structures)

Types of Businesses (Best Overview of Business Structures)