Data Protection Officer
The main innovation introduced by the General Data Protection Regulation (GDPR) is the principle of accountability, which aims to guarantee compliance with data protection principles. It implies a cultural change that endorses transparent data protection, privacy policies and user control, internal clarity and procedures for operationalising privacy, and high-level, demonstrable responsibility to external stakeholders and data protection authorities.
The GDPR requires the controller to be responsible for making sure all privacy principles are adhered to. Moreover, the GDPR requires that organisations and bodies demonstrate compliance with all the principles of the regulation: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; and integrity and confidentiality. The designation of a Data Protection Officer (DPO) represents one of the ways to incorporate the accountability principle. The aim of this paper is to fill the gap in the existing literature by strengthening the relevance of the role of the DPO in helping controllers and processors comply with European Union law.