What is, and which organizations have to appoint a DPO?
A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on processing personal data such as its: purposes, interconnections, types, categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended.
In Alberta and British Columbia and for federally regulated employers covered by the Personal Information Protection and Electronic Documents Act (PIPEDA), employers are required to appoint one or more individuals to be responsible for ensuring compliance with privacy laws.
Even where not required, it is a best practice to appoint someone with the responsibility of ensuring the protection of employee personal information.