A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on processing personal data such as its purposes, interconnections, types, categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended.
There is no legal requirement in China for organizations to appoint a DPO. However, the 2020 Specification includes the recommendation to appoint a specific institution and specific personnel to be responsible for the internal management of personal data protection when: