Personal data protection officer
With the entrance into force of the draft law “On personal data protection” (2022), controllers and processors shall be legally obliged to appoint a personal data protection officer (“Officer”), if:- the processing is carried out by a public authority or entity, with the exception of courts within the framework of judicial activity;
– the primary activities of the controller or processor consist of processing actions which, due to their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale; or
– the main activities of the controller or processor pertain to the processing on a large scale of sensitive data or criminal data (personal data related to convictions and criminal offenses or security measures related to them).
The Officer is charged with several primary duties such as:
– provides advice to the governing bodies of the controller or processor;
– informs and advises the controller’s or processor’s staff on data protection, including raising awareness and training the staff involved in processing operations, and relevant audits;
– monitors compliance with this (draft)law and reports to the executive staff;
– cooperates and serves as a contact point for the Data Protection Commissioner, etc.
The data protection officer may be a staff member of the controller or processor, or can perform tasks on the basis of a service contract.