What is, and which organizations have to appoint a DPO?
A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on processing personal data such as its purposes, interconnections, types, categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended.
In Japan, there is no requirement to designate a Data Protection Officer. That said, Japan’s Data Protection Laws require that data controllers, such as employers, establish a system to protect personal information, including organizational security measures. Therefore, under the guideline, employers should assign someone with the responsibility of handling personal data.