Mandatory Data Protection Officer
Data Security Officer
Optional Data Protection Officer
Creation of DPO in discussion
The Directive 95/46/EC gave European Union member states the possibility to introduce into their national law the appointment of a Data Protection Officer (DPO). Some countries have token this opportunity and have proceeded as such.
However, DPO’s duties & powers may vary depending on EU members’ legislations. This interactive map shows which countries allow the appointment of Data Protection Officers and presents a comprehensive overview on their status - their key role regarding privacy protection.
Last update march 2012
The DPO concept comes from the article 18 of the Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
The DPO is responsible in particular for independently ensuring the internal application of the national data protection legislation, for keeping a register of personal data processing implemented in the body, and for ensuring that the rights and freedoms of the data subjects are unlikely to be adversely affected by the processing operations. In France, this role is assumed by the Correspondant Informatique et Libertés (CIL)
The DSO concept comes from the article 2.4 of the Directive 2009/136/EC amending Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation.
The DSO is responsible in particular for protecting data against their unauthorized disclosure, takeover by an unauthorized person, or any change, loss, damage or destruction. He / she also supervises the implementation of technical and organizational measures to protect the personal data being processed, appropriate to the risks and category of data being protected.