Article 37 of the GDPR: Appointment of a data protection officer (DPO)

Article 37 of the GDPR requires certain organizations to appoint a data protection officer (DPO). This professional plays a key role in the governance of personal data, ensuring compliance with regulatory obligations.

Article 37 of the GDPR explained

The designation of a DPO is mandatory when:

  • The processing is carried out by a public authority or body (except for courts acting in their judicial capacity);
  • The core activities consist of large-scale processing operations requiring regular and systematic monitoring;
  • The core activities consist of large-scale processing of sensitive data or data relating to criminal convictions.

The DPO can be internal or external, but must be designated on the basis of professional qualities and specialist knowledge of data protection law and practices.

Why is this article important for your GDPR compliance?

The DPO is one of the pillars of GDPR compliance. The DPO advises, monitors, trains and acts as a point of contact with the CNIL. Designating one is a guarantee of seriousness and rigor in the management of personal data.

How to comply with Article 37 of the GDPR?

  • Evaluate whether your organization is subject to the obligation to appoint a DPO;
  • Choose a competent professional (internal or external);
  • Inform the CNIL of the designation via the dedicated teleservice;
  • Provide the necessary resources to enable the DPO to carry out their tasks.

Examples of application of Article 37 of the GDPR

  • A local authority designates a shared DPO for several establishments;
  • An insurance company outsources the DPO function to a specialized firm;
  • An e-commerce company chooses an internal DPO responsible for overseeing the compliance of CRM and marketing tools.
