{"id":9096,"date":"2022-02-01T11:04:57","date_gmt":"2022-02-01T10:04:57","guid":{"rendered":"https:\/\/www.cabinetbouchara.com\/delegue-a-la-protection-des-donnees-data-protection-officer\/"},"modified":"2026-02-10T08:57:45","modified_gmt":"2026-02-10T07:57:45","slug":"data-protection-officer-dpo","status":"publish","type":"page","link":"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-protection-officer-dpo\/","title":{"rendered":"Data Protection Officer (DPO)"},"content":{"rendered":"<p><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/\">Lexicon<\/a> <span style=\"color: #F5B63F\">&gt; <span style=\"color: #F5B63F\"><b>Data Protection Officer (DPO)<\/b><\/span><\/span><\/p>\n<p>IT Lexicon<\/p>\n<p style=\"text-align: justify\">The Data Protection Officer is at the heart of the compliance framework enshrined in the <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/gdrp\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR<\/a> and facilitates organizations&#8217; compliance with its provisions.<\/p>\n<p style=\"text-align: justify\">It is one of the cornerstones of the <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/person-in-charge-of-the-treatment\/\" target=\"_blank\" rel=\"noopener noreferrer\">controller<\/a> and <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/subcontractor\/\" target=\"_blank\" rel=\"noopener noreferrer\">processor<\/a> liability regime, and provides a competitive advantage by promoting compliance with the GDPR and acting as an intermediary between the relevant actors <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/controlling-authority\/\" target=\"_blank\" rel=\"noopener noreferrer\">(supervisory authorities<\/a>, data subjects, processors).<\/p>\n<p style=\"text-align: justify\">Its designation is mandatory when:<\/p>\n<ul>\n<li style=\"text-align: justify\">The <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-transfer\/\" target=\"_blank\" rel=\"noopener noreferrer\">processing<\/a> is carried out by a public authority or public body;<\/li>\n<li style=\"text-align: justify\">The core activities of the controller or processor consist of processing operations which, by virtue of their nature, scope and\/or purposes, require regular and systematic large-scale monitoring of data subjects;<\/li>\n<li style=\"text-align: justify\">The core activities of the controller or processor consist of large-scale processing of special categories of data and <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/personal-data\/\" target=\"_blank\" rel=\"noopener noreferrer\">personal data<\/a> relating to criminal convictions and offences.<\/li>\n<\/ul>\n<p style=\"text-align: justify\">Even where the GDPR does not specifically require the appointment of a <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-protection-officer-dpo\/\" target=\"_blank\" rel=\"noopener noreferrer\">DPO<\/a>, organizations are encouraged to appoint one on a voluntary basis, particularly where they encounter data protection issues.<\/p>\n<p style=\"text-align: justify\">The DPO must be a professional with legal expertise in data protection, be able to perform his or her duties independently, and have sufficient autonomy and resources to carry out his or her duties effectively.<\/p>\n<p style=\"text-align: justify\">Dedicated or shared, the DPO can be internal to the organization, but also external.<\/p>\n<p style=\"text-align: justify\">The data controller or the processor must communicate the contact details of the DPO to the <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/national-commission-for-information-technology-and-civil-liberties-cnil\/\" target=\"_blank\" rel=\"noopener noreferrer\">CNIL<\/a> and to the data subjects as part of their right to information.<\/p>\n<p style=\"text-align: justify\">In the exercise of his missions, the DPO remains subject to professional secrecy and respects a duty of <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/privacy\/\" target=\"_blank\" rel=\"noopener noreferrer\">confidentiality<\/a>.<\/p>\n<p style=\"text-align: justify\">Concerning his missions, the DPO can be in charge of :<\/p>\n<ul>\n<li style=\"text-align: justify\">To inform and advise the controller or processor and the employees carrying out the processing on their data protection obligations;<\/li>\n<li style=\"text-align: justify\">Monitor compliance with the GDPR, including the allocation of responsibilities, awareness and training of personnel involved in processing operations, and related audits;<\/li>\n<li style=\"text-align: justify\">Provide advice, upon request, on the data protection <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-privacy-impact-assessment-dpa\/\" target=\"_blank\" rel=\"noopener noreferrer\">impact assessment<\/a> and verify its execution;<\/li>\n<li style=\"text-align: justify\">To cooperate with the supervisory authority;<\/li>\n<li style=\"text-align: justify\">To act as a contact point for the supervisory authority on matters relating to data processing.<\/li>\n<\/ul>\n<h2>GDPR Point<\/h2>\n<p style=\"text-align: justify\"><span>&#8220;<\/span><i><span>The Data Protection Officer shall be appointed on the basis of professional qualities and, in particular, expert data protection law and practice, and the ability to perform the tasks<\/span><\/i><span>&#8220;.<\/span><\/p>\n<p style=\"text-align: justify\"><span>Article 37, paragraph 5 of the GDPR<\/span><\/p>\n<h2 style=\"text-align: justify\">Point of jurisprudence<\/h2>\n<p><span>The Spanish Data Protection Authority has sanctioned GLOVO APP 23 S.L. for not having appointed a Data Protection Officer to the supervisory authority.<\/span><\/p>\n<p><span>Agencia Espa\u00f1ola de Protecci\u00f3n de Datos, June 9, 2020, N\u00b0PS\/00417\/2019<\/span><\/p>\n<p>The Bouchara Law firm assists you in particular in :<\/p>\n<ul>\n<li>Making your organization <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/gdrp\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR<\/a> compliant;<\/li>\n<li>The drafting of data protection policies (privacy policy, computer charter &#8230;);<\/li>\n<li>Documentation of your processing (register of processing activities, register of violations, privacy <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-privacy-impact-assessment-dpa\/\" target=\"_blank\" rel=\"noopener noreferrer\">impact analysis<\/a>, prior consultation&#8230;);<\/li>\n<li>Obtaining certifications and adhering to <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/code-of-conduct\/\" target=\"_blank\" rel=\"noopener noreferrer\">codes of conduct<\/a>;<\/li>\n<li>The study of the legal feasibility of the implementation of a new <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/personal-data\/\" target=\"_blank\" rel=\"noopener noreferrer\">personal<\/a> <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-processing\/\" target=\"_blank\" rel=\"noopener noreferrer\">data processing<\/a>;<\/li>\n<li>The drafting and transmission of your codes of conduct to the <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/national-commission-for-information-technology-and-civil-liberties-cnil\/\" target=\"_blank\" rel=\"noopener noreferrer\">CNIL<\/a> for approval;<\/li>\n<li>Legal analysis of the compliance of your data processing, including data transfers outside the European Economic Area;<\/li>\n<li>Drafting and negotiating your data processing agreements (DPA);<\/li>\n<li>Drafting your Binding Corporate Rules (BCR) and Codes of Conduct;<\/li>\n<li>Training and awareness of your employees.<\/li>\n<\/ul>\n<p>We are also the external <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-protection-officer-dpo\/\" target=\"_blank\" rel=\"noopener noreferrer\">Data Protection Officer<\/a> of many data <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/person-in-charge-of-the-treatment\/\" target=\"_blank\" rel=\"noopener noreferrer\">processors<\/a> and <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/subcontractor\/\" target=\"_blank\" rel=\"noopener noreferrer\">subcontractors<\/a>.<\/p>\n<h2>Other definitions<\/h2>\n<h3 style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/brand\/\">Trademark\u00a0<\/a><\/h3>\n<p style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/brand\/\">A trademark is a distinctive sign allowing its owner (natural or legal person) to differentiate its products and services&#8230;<\/a><\/p>\n<h3 style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/gdrp\/\">GDPR<\/a><\/h3>\n<p style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/gdrp\/\">The GDPR refers to Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals&#8230;<\/a><\/p>\n<h3 style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/renowned-or-well-known-trademark\/\">Renowned or well-known trademark\u00a0<\/a><\/h3>\n<p style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/renowned-or-well-known-trademark\/\">The concepts of reputed and well-known trademarks have been defined by the jurisprudence and designate a trademark that is widely known by the public&#8230;<\/a><\/p>\n<h3 style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/wipo\/\">WIPO<\/a><\/h3>\n<p style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/wipo\/\">The World Intellectual Property Organization (WIPO) is an international institution of the United Nations, located in Geneva&#8230;<\/a><\/p>\n<p><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/\">See the lexicon<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.cabinetbouchara.com\/wp-content\/uploads\/2021\/12\/Fichier-24.svg\" width=\"25\" height=\"25\" alt=\"\" class=\"wp-image-1012 alignnone size-medium\" style=\"margin-left: 15px;margin-bottom: -6px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lexicon &gt; Data Protection Officer (DPO) IT Lexicon The Data Protection Officer is at the heart of the compliance framework enshrined in the GDPR and facilitates organizations&#8217; compliance with its provisions. It is one of the cornerstones of the controller and processor liability regime, and provides a competitive advantage by promoting compliance with the GDPR &#8230; <a title=\"Data Protection Officer (DPO)\" class=\"read-more\" href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-protection-officer-dpo\/\" aria-label=\"Read more about Data Protection Officer (DPO)\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":9175,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"footnotes":""},"class_list":["post-9096","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages\/9096","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/comments?post=9096"}],"version-history":[{"count":6,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages\/9096\/revisions"}],"predecessor-version":[{"id":19607,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages\/9096\/revisions\/19607"}],"up":[{"embeddable":true,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages\/9175"}],"wp:attachment":[{"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/media?parent=9096"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}