WP29: Data Protection Officers (DPOs)

13 December 2016

Homepage | News

G 29

Articles 37, 38 and 39 GDPR

The WP29 has adopted the guidelines for Data Protection Officers (DPO).

The purpose

The purpose of this document is:

assisting and assisting data controllers and subcontractors in setting up the Data Protection Officer function;
to assist data protection officers in carrying out their mission.

Appoint a DPO

It recalled the cases in which the designation of a DPO is mandatory. It clarified all the conditions for mandatory appointment of the DPO.

Nevertheless, it stressed that apart from those situations where the appointment of a DPO is mandatory, it may be appropriate to designate a DPO voluntarily. In this case, the same obligations must be applied.

It advised processors and contractors to formalize in writing the reasoning they followed in concluding whether or not to designate a DPO in order to prove that all the important elements were taken into consideration.

Fonctions et missions du DPD

It also clarified the scope of the DPO function, as provided by Article 38 of the GDPR. In particular, it clarified the implementation of the obligation to involve the DPO in all matters relating to the protection of personal data, the condition of independence and absence of conflict.

It also listed the tasks of the DPO.

Link to article

Share this article

WP29: the right to data portability

Violaine Langlet of MGSI speaks to the Luxembourg Wort about the DPO