Data Protection Officer (DPO)

Law no. 190/2018, in line with GDPR, mandates the designation of a Data Protection Officer (DPO) in certain circumstances, such as when processing is carried out by a public authority or body, or when the core activities of the controller or processor consist of processing operations which, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale, or of processing on a large scale of special categories of data or data relating to criminal convictions and offences. The DPO plays a crucial role in advising on data protection compliance, monitoring adherence to regulations, and acting as a contact point for supervisory authorities and data subjects.

A Data Protection Officer (DPO) is an individual appointed by a data controller or processor to advise on and monitor compliance with data protection laws, including ZVOP-2 and GDPR. The DPO acts as an internal auditor, provides training, assists with Data Protection Impact Assessments, and serves as a contact point for the supervisory authority and data subjects. Their appointment is mandatory for public authorities and organizations engaged in large-scale or sensitive data processing, ensuring independent oversight.