Under the GDPR every organisation with a core business operation that involves the processing of data belonging to EU citizens must appoint a Data Protection Officer (DPO). All public authorities and bodies that process data or monitor the behaviour of EU citizens, regardless of data type or quantity, must appoint a DPO. In addition, any organisation that processes special and unique personal information (including personally identifiable information, race, ethnicity, and biometric data) on a large sale must appoint a Data Protection Officer. If a private organisation never participates in data storage, and does not process any special or personally identifiable information (PII), then it does not need to appoint a GDPR DPO.
Click here to view what GDPR courses we offer.