Data protection officer
When their data is being processed, consumers must be informed who they can contact at the data controller (see Obligation for transparent information). In some cases, the General Data Protection Regulation requires companies to appoint data protection officers. These are typically the first point of contact for consumers in data protection matters. Data protection officers are to be appointed, for example, if the company’s business model is based on data processing or if it processes particularly sensitive data.
Data protection officers in companies monitor compliance with the General Data Protection Regulation. They inform the persons entrusted with the data processing about their duties. Data protection officers do not necessarily have to be employed by the company itself, but can also act as external service providers for the company.
Source: The tasks and responsibilities for data protection officers are laid down in articles 37 through 39 of Regulation (EU) 2016/679.