{"id":17413,"date":"2021-10-15T12:12:06","date_gmt":"2021-10-15T11:12:06","guid":{"rendered":"https:\/\/www.rosello-mallol.com\/?p=17413"},"modified":"2022-02-24T12:47:38","modified_gmt":"2022-02-24T11:47:38","slug":"data-protection-officer-do-i-need-it","status":"publish","type":"post","link":"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/","title":{"rendered":"Data Protection Officer: do I need it?"},"content":{"rendered":"\n<p>Almost 7 years have passed since I <strong><a href=\"https:\/\/www.rosello-mallol.com\/es\/dpo-lo-necesito\/\" target=\"_blank\" rel=\"noreferrer noopener\">spoke<\/a><\/strong> on this blog about the need (or not) for a <strong>Data Protection Officer (DPO)<\/strong>. Many things have happened since January 2015, and beyond defining the cases in which a DPO is legally required, I want to focus on the day to day of your Officer, if you have appointed one or are thinking of doing so.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What does the law say?<\/strong><\/h2>\n\n\n\n<p>Both the <strong><a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/ES\/TXT\/?uri=uriserv:OJ.L_.2016.119.01.0001.01.SPA&amp;toc=OJ:L:2016:119:TOC\" target=\"_blank\" rel=\"noreferrer noopener\">GDPR <\/a><\/strong>and the <strong><a href=\"https:\/\/www.boe.es\/buscar\/doc.php?id=BOE-A-2018-16673\" target=\"_blank\" rel=\"noreferrer noopener\">LOPD<\/a><\/strong> provide for specific cases in which <strong>a DPO must be appointed<\/strong>. If your company or activity is included in these cases, end of discussion, you really need a DPO.&nbsp;<\/p>\n\n\n\n<p>Articles 37.1 of the GDPR and 34 of the LOPD, respectively, define these assumptions: I want to pause here to discuss the effective role of the DPO in your company beyond completing the procedure. It should be noted, however, that the DPO can be appointed on a <strong>voluntary basis<\/strong>, outside the cases marked by law and that, in fact, this circumstance can be taken into account as a <strong>mitigating factor<\/strong> in the event of penalty proceedings.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What do you need to know if you appoint a Data Protection Officer?<\/strong><\/h2>\n\n\n\n<ul><li>His or her appointment must be formally <strong><a href=\"https:\/\/sedeagpd.gob.es\/sede-electronica-web\/vistas\/formDelegadoProteccionDatos\/procedimientoDelegadoProteccion.jsf\" target=\"_blank\" rel=\"noreferrer noopener\">communicated<\/a><\/strong> to the AEPD.<\/li><\/ul>\n\n\n\n<ul><li>Although not mandatory, you should have some type of data protection certificate.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What are the tasks of a DPO?<\/strong><\/h2>\n\n\n\n<p>Both the RGPD and the LOPD extensively define the duties of the Data Protection Officer. However, I would like to discuss what the <strong>regulations do not say<\/strong> and what, in my opinion, would be the characteristics of a good DPO for your company:<\/p>\n\n\n\n<ul><li><strong><span style=\"text-decoration: underline;\">Communicating his or her appointment to third parties<\/span><\/strong><\/li><\/ul>\n\n\n\n<p>The appointment of a DPO to remain solely in the managerial field and deal with communications with the AEPD is a very far cry from what a DPO should be. All too often, companies appoint a DPO as a merely administrative role and the person who performs these duties is not known by those who really should be aware of his or her existence.&nbsp;<\/p>\n\n\n\n<p>Therefore, when you have a DPO, whether he or she is external or internal, everyone in your organisation needs to know about his or her existence and duties and, most importantly, they must know when to contact him or her before starting with certain data processing. For this to happen, <strong>all company staff must be aware that a DPO has been appointed<\/strong>.<\/p>\n\n\n\n<p>Along the same lines, <strong>your customers should know that you have a DPO<\/strong>, and a method of contacting him or her must be included in the <strong>Privacy Policy<\/strong>, and an informative notification made on the appointment to customers whose data you already have. <\/p>\n\n\n\n<p>Do not forget that one of the duties of the DPO is to intervene in the event of conflicts between the data holders and the company processing them and, therefore, customers and other data subjects must be aware that this position exists in your company.<\/p>\n\n\n\n<ul><li><strong><span style=\"text-decoration: underline;\">Integrating the DPO into relevant decisions<\/span><\/strong><\/li><\/ul>\n\n\n\n<p>It is impossible for a DPO to know that a company has processed the data in a certain way when this has already been completed. This would prevent the DPO from doing one of his or her main jobs, which is none other than to ensure the principle of <strong>Privacy from Design<\/strong>.<\/p>\n\n\n\n<p>When thinking of a new email marketing campaign, when hiring a new provider with data access or when installing cameras, the DPO should be aware of these facts <strong>before they occur<\/strong> in order to give his or her opinion. His or her opinion must be heard and taken into account when making a decision, which of course will be up to the company.<\/p>\n\n\n\n<p>In conclusion, having a DPO is neither insurance in case of non-compliance with the GDPR or the LOPD nor can he or she fulfil a simple administrative procedure to deal with the file in relation to the AEPD. A good DPO must be integrated into the every-day life of the company and be \u201cpresent\u201d when relevant data protection issues are decided upon.<\/p>\n\n\n\n<p>If you want to know more about this or any other topic, do not hesitate to <strong><a href=\"https:\/\/www.rosello-mallol.com\/en\/contact\/\" target=\"_blank\" rel=\"noreferrer noopener\">contact us<\/a><\/strong>!<\/p>\n\n\n\n<div class=\"wp-block-contact-form-7-contact-form-selector\">\n<div class=\"wpcf7 no-js\" id=\"wpcf7-f13645-o1\" lang=\"en-US\" dir=\"ltr\">\n<div class=\"screen-reader-response\"><p role=\"status\" aria-live=\"polite\" aria-atomic=\"true\"><\/p> <ul><\/ul><\/div>\n<form action=\"\/en\/wp-json\/wp\/v2\/posts\/17413#wpcf7-f13645-o1\" method=\"post\" class=\"wpcf7-form init mailchimp-ext-0.5.72\" aria-label=\"Contact form\" novalidate=\"novalidate\" data-status=\"init\">\n<div style=\"display: none;\">\n<input type=\"hidden\" name=\"_wpcf7\" value=\"13645\" \/>\n<input type=\"hidden\" name=\"_wpcf7_version\" value=\"5.9.3\" \/>\n<input type=\"hidden\" name=\"_wpcf7_locale\" value=\"en_US\" \/>\n<input type=\"hidden\" name=\"_wpcf7_unit_tag\" value=\"wpcf7-f13645-o1\" \/>\n<input type=\"hidden\" name=\"_wpcf7_container_post\" value=\"0\" \/>\n<input type=\"hidden\" name=\"_wpcf7_posted_data_hash\" value=\"\" \/>\n<input type=\"hidden\" name=\"_wpcf7_recaptcha_response\" value=\"\" \/>\n<\/div>\n<p><label> Name (required) <span class=\"wpcf7-form-control-wrap\" data-name=\"your-name\"><input size=\"40\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required uk-input\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"your-name\" \/><\/span> <\/label>\n<\/p>\n<p><label> Email (required) <span class=\"wpcf7-form-control-wrap\" data-name=\"your-email\"><input size=\"40\" class=\"wpcf7-form-control wpcf7-email wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-email uk-input\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"email\" name=\"your-email\" \/><\/span> <\/label>\n<\/p>\n<p><label> Contact phone (telephone contact) <span class=\"wpcf7-form-control-wrap\" data-name=\"telefon\"><input size=\"40\" class=\"wpcf7-form-control wpcf7-text uk-input\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"telefon\" \/><\/span> <\/label>\n<\/p>\n<p><label> Message <span class=\"wpcf7-form-control-wrap\" data-name=\"your-message\"><textarea cols=\"40\" rows=\"5\" class=\"wpcf7-form-control wpcf7-textarea uk-textarea\" aria-invalid=\"false\" name=\"your-message\"><\/textarea><\/span> <\/label>\n<\/p>\n<p><span class=\"wpcf7-form-control-wrap\" data-name=\"aceptacion-RGPD\"><span class=\"wpcf7-form-control wpcf7-acceptance\"><span class=\"wpcf7-list-item\"><label><input type=\"checkbox\" name=\"aceptacion-RGPD\" value=\"1\" aria-invalid=\"false\" \/><span class=\"wpcf7-list-item-label\">I read and accept the <a href=\"https:\/\/www.rosello-mallol.com\/en\/policy-privacy\/\" target=\"_blank\">Privacy Policy<\/a><\/span><\/label><\/span><\/span><\/span><br \/>\n<label><br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"acceptance-360\"><span class=\"wpcf7-form-control wpcf7-acceptance optional\"><span class=\"wpcf7-list-item\"><label><input type=\"checkbox\" name=\"acceptance-360\" value=\"1\" aria-invalid=\"false\" \/><span class=\"wpcf7-list-item-label\">I agree to receive the newsletter.<\/span><\/label><\/span><\/span><\/span><br \/>\n<input class=\"wpcf7-form-control wpcf7-submit has-spinner uk-button uk-button-primary\" type=\"submit\" value=\"Send\" \/><\/label>\n<\/p><p style=\"display: none !important;\" class=\"akismet-fields-container\" data-prefix=\"_wpcf7_ak_\"><label>&#916;<textarea name=\"_wpcf7_ak_hp_textarea\" cols=\"45\" rows=\"8\" maxlength=\"100\"><\/textarea><\/label><input type=\"hidden\" id=\"ak_js_1\" name=\"_wpcf7_ak_js\" value=\"32\"\/><script>document.getElementById( \"ak_js_1\" ).setAttribute( \"value\", ( new Date() ).getTime() );<\/script><\/p><div class=\"wpcf7-response-output\" aria-hidden=\"true\"><\/div><p style=\"display: none !important\"><span class=\"wpcf7-form-control-wrap referer-page\"><input type=\"hidden\" name=\"referer-page\" value=\"http:\/\/Direct%20Visit\" data-value=\"http:\/\/Direct%20Visit\" class=\"wpcf7-form-control wpcf7-text referer-page\" aria-invalid=\"false\"><\/span><\/p>\n<!-- Chimpmatic extension by Renzo Johnson -->\n<\/form>\n<\/div>\n<\/div>\n\n\n\n<h6 class=\"wp-block-heading\">Information on data protection<\/h6>\n\n\n\n<p><small><strong>Company name<\/strong><br>LEGAL IT GLOBAL 2017, SLP<br><\/small><small><strong>Purpose<br><\/strong><\/small><small>Providing the service.<br><\/small><small>Sending the newsletter.<br><\/small><small><strong>Legal basis<br><\/strong>Compliance with the service provision.<br>Consent.<br><\/small><small><strong>Recipients<\/strong><br>Your data will not be shared with any third party, except service providers with which we have signed a valid service agreement.<\/small><br><small><strong>Rights<\/strong><br>You may access, rectify or delete your data and exercise the rights indicated in our Privacy Policy.<\/small><br><small><strong>Further information<\/strong><br>See the&nbsp;<a href=\"https:\/\/www.rosello-mallol.com\/en\/policy-privacy\/\" target=\"_blank\" rel=\"noreferrer noopener\">Privacy Policy<\/a>.<\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Almost 7 years have passed since I spoke on this blog about the need (or not) for a Data Protection Officer (DPO). Many things have happened since January 2015, and beyond defining the cases in which a DPO is legally required, I want to focus on the day to day of your Officer, if you [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":17524,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"_joinchat":[],"footnotes":""},"categories":[246],"tags":[496,447,507,394],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Data Protection Officer: do I need it? | Rosell\u00f3 Mallol Law Firm<\/title>\n<meta name=\"description\" content=\"Do I really need a Data Protection Officer? It has been 7 years since I wrote about the subject, and there is a lot of news!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data Protection Officer: do I need it? | Rosell\u00f3 Mallol Law Firm\" \/>\n<meta property=\"og:description\" content=\"Do I really need a Data Protection Officer? It has been 7 years since I wrote about the subject, and there is a lot of news!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/\" \/>\n<meta property=\"og:site_name\" content=\"Rosell\u00f3 Mallol\" \/>\n<meta property=\"article:published_time\" content=\"2021-10-15T11:12:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-02-24T11:47:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/man-gbffb5e458_1280.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"853\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marketing\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@vic_rosello\" \/>\n<meta name=\"twitter:site\" content=\"@vic_rosello\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marketing\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data Protection Officer: do I need it? | Rosell\u00f3 Mallol Law Firm","description":"Do I really need a Data Protection Officer? It has been 7 years since I wrote about the subject, and there is a lot of news!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/","og_locale":"en_US","og_type":"article","og_title":"Data Protection Officer: do I need it? | Rosell\u00f3 Mallol Law Firm","og_description":"Do I really need a Data Protection Officer? It has been 7 years since I wrote about the subject, and there is a lot of news!","og_url":"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/","og_site_name":"Rosell\u00f3 Mallol","article_published_time":"2021-10-15T11:12:06+00:00","article_modified_time":"2022-02-24T11:47:38+00:00","og_image":[{"width":1280,"height":853,"url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/man-gbffb5e458_1280.jpg","type":"image\/jpeg"}],"author":"Marketing","twitter_card":"summary_large_image","twitter_creator":"@vic_rosello","twitter_site":"@vic_rosello","twitter_misc":{"Written by":"Marketing","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/#article","isPartOf":{"@id":"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/"},"author":{"name":"Marketing","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/54fe3a9119386ad1ec22a0f09bc21147"},"headline":"Data Protection Officer: do I need it?","datePublished":"2021-10-15T11:12:06+00:00","dateModified":"2022-02-24T11:47:38+00:00","mainEntityOfPage":{"@id":"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/"},"wordCount":773,"publisher":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#organization"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/man-gbffb5e458_1280.jpg","keywords":["AEPD","DPO","Law","RGPD"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/","url":"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/","name":"Data Protection Officer: do I need it? | Rosell\u00f3 Mallol Law Firm","isPartOf":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/#primaryimage"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/man-gbffb5e458_1280.jpg","datePublished":"2021-10-15T11:12:06+00:00","dateModified":"2022-02-24T11:47:38+00:00","description":"Do I really need a Data Protection Officer? It has been 7 years since I wrote about the subject, and there is a lot of news!","breadcrumb":{"@id":"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/#primaryimage","url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/man-gbffb5e458_1280.jpg","contentUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/man-gbffb5e458_1280.jpg","width":1280,"height":853,"caption":"Data Protection Officer"},{"@type":"BreadcrumbList","@id":"https:\/\/www.rosello-mallol.com\/en\/data-protection-officer-do-i-need-it\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Inici","item":"https:\/\/www.rosello-mallol.com\/en\/"},{"@type":"ListItem","position":2,"name":"Data Protection Officer: do I need it?"}]},{"@type":"WebSite","@id":"https:\/\/www.rosello-mallol.com\/en\/#website","url":"https:\/\/www.rosello-mallol.com\/en\/","name":"Rosell\u00f3 Mallol","description":"Despatx advocats experts en TIC i Protecci\u00f3 de dades","publisher":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rosello-mallol.com\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.rosello-mallol.com\/en\/#organization","name":"Rosell\u00f3 Mallol - Advocats especialistes en dret digital","url":"https:\/\/www.rosello-mallol.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/logo-definitiu-web.png","contentUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/logo-definitiu-web.png","width":4000,"height":736,"caption":"Rosell\u00f3 Mallol - Advocats especialistes en dret digital"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/vic_rosello","https:\/\/www.instagram.com\/rosellomallol\/","https:\/\/www.linkedin.com\/in\/victorrosello\/","https:\/\/www.youtube.com\/channel\/UCxcqAdksWzsEaZ5UYoFJd0Q\/featured"]},{"@type":"Person","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/54fe3a9119386ad1ec22a0f09bc21147","name":"Marketing","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/c298f7002ea52eec3d8a408ed8ef4fdf?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c298f7002ea52eec3d8a408ed8ef4fdf?s=96&d=mm&r=g","caption":"Marketing"},"url":"https:\/\/www.rosello-mallol.com\/en\/author\/marketing\/"}]}},"jetpack_featured_media_url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/man-gbffb5e458_1280.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts\/17413"}],"collection":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/comments?post=17413"}],"version-history":[{"count":0,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts\/17413\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/media\/17524"}],"wp:attachment":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/media?parent=17413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/categories?post=17413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/tags?post=17413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}