WHO IS SUITABLE TO BE AN INTERNAL DATA PROTECTION OFFICER?

Each controller processing personal data may be required to appoint a data protection officer. The controller shall be free to choose whether an internal or external data protection officer is to be employed, Art. 37 (6) GDPR (valid as of 25 May 2018).

If an internal data protection officer is designated, we believe that he or she shall fulfill the following requirements:

IT Expertise

Sufficient knowledge of IT systems and data processing procedures.

Ideal Behavior

Thorough and impeccable coworker in relation to superiors and colleagues.

Impartial

Autonomous and independent pursuit of his activity.

Loyalty

Just attitude, fairness and loyalty to the enterprise belong to it.

Legal Knowledge of Data Protection

Good knowledge of national data protection law, European directives and regulations.

Assertiveness

Assertiveness, self-assurance and ability to counter-balance are absolutely necessary.

Willingness to learn

Willingness to engage in further training.

Diligence

Diligence, accuracy, and sense of duty should be his strengths.

Directors, IT administrators, personnel managers and other managers with responsibilities regarding the data processing, are not generally permitted to hold the position of the data protection officer.

Comparison of the Internal and External Data Protection Officer.