While the position of Data Protection Officer (DPO) had existed in countries like Germany and France since the 1990’s, GDPR crystallized the need and role of the position. GDPR Articles 37, 38 and 39 define the roles and responsibilities of the DPO and Articles 8 and 9 define its data responsibilities. The DPO should monitor overall privacy risk and compliance for their organization and act as the conduit with national supervising authorities.
The Data Protection Officer (DPO) is a closely related role to the CPO. The DPO is a mandated role in GDPR who works with the local Data Protection Authority (DPA) to ensure compliance with the regulation. Very few companies have combined the roles as the CPO is seen as an advocate for the company while the DPO is an advocate for the DPA. Section 4, articles 37-39 define the role and responsibilities of the data protection officer.
From the GDPR text, this is how the regulation defines DPO responsibilities:
Sign up for a demo