A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on processing personal data such as its: purposes, interconnections, types, categories of data subjects, length of retention and the department(s) in charge of implementing processing. DPOs may be required by law or recommended.
The European General Data Protection Regulation requires that data controllers and data processors designate a DPO in any case where:
Under Belgium’s law on the protection of natural persons with regard to the processing of personal data (2018), designating a DPO may be required for employers (and others) who process personal data for or from Federal authorities if the processing could result in a high risk to individuals’ rights and freedoms.
A DPO is not mandatory for every organization but is highly recommended.