On May 25, 2018, the new European regulations on the protection of personal data (hereinafter referred to as the GDPR – General Data Protection Regulation) came into force. This regulation is known for its extraterritorial action: it is mandatory for use in all the EU countries, and under certain conditions, its action extends to non-European companies and compels them to align their activities with the requirements of the GDPR in order not to lose their European partners.
The GDPR enhances the previously established personal data protection procedure and introduces new obligations for organizations that process such data.
In particular, the regulations carried out the modernization of the already existing profession of the person responsible for data protection (hereinafter DPO – Data Protection Officer). This post was created by the 1995 framework directive, which was replaced by the new text. The previous legislation regulated the activities of such specialists but did not insist on their mandatory appointment.
When Should DPO Be Assigned?
Today, in the era of the GDPR, the appointment of the DPO became mandatory in the following cases (Article 37 of the GDPR):
In the companies that systematically and regularly carry out large-scale monitoring of users (most often it is monitoring for the purpose …