What is, and which organizations have to appoint a DPO?
A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on processing personal data such as its purposes, interconnections, types, categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended.
In New Zealand, employers (and other agencies) are required to appoint privacy officers whose responsibilities include:
- encouraging the company to comply with the Information Privacy Principles outlined in the Privacy Act;
- handling requests made to employers;
- working with the data protection Commissioner in the event of an investigation relating to the employer; and,
- ensuring the company complies with the Privacy Act 2020.