Multi-Industry Chief Compliance and Ethics Officers

Under the new European privacy regulation (the GDPR), certain businesses would need to appoint a privacy officer ("data protection officer' or 'DPO"). The concept of having a privacy professional guiding businesses for compliance is nothing new in Europe but the topic was simply regulated at Member State level before. As a result, some countries made it mandatory for companies to appoint a DPO (i.e. Germany) while others encouraged the practice in return for some administrative benefits (i.e. France). There was no uniformity. The GDPR changes the situation remarkably. The GDPR now requires that certain private sector organizations must appoint DPOs in Europe. This requirement applies to all types of organizations irrespective of their size and whether they are processing personal data in the capacity of a Controller or a Processor. Moreover, the GDPR's applicability scope is not limited to European companies and may cover some of the global businesses which deals with European personal data without having any physical presence in Europe. And some of these businesses may also fall under the GDPR's DPO appointment obligation. Here is a practical decision tree to understand whether your business is subject to the EU GDPR's DPO appointment obligation.

#EuropeanPrivacyCompliance #GDPR #PrivacyRecruitment #PrivacyPolicy #TheGeneralDataProtectionRegulation #DataProtectionOfficer